Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works?
I want to use the sessionid as unique identifier.
Cheers, Niels.
Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works?
I want to use the sessionid as unique identifier.
Cheers, Niels.
Hi Neils,
You could get it with the following REST Endpoint:
https://brokerip:50103/sdk?msg=query&query=select+*+where+sessionid%3D<sessionid>&size=8192
There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.
Hope this helps!
Cheers,
Rui
Hi Neils,
You could get it with the following REST Endpoint:
There are also a couple of scripts in some of my other posts that could help, namely REST API to CSV and RSA NetWitness Packet Meta in ELK depending on whether you prefer CSV or JSON output.
Hope this helps!
Cheers,
Rui