I am new to using the RSA NetWitness product.
I started reading the ESA Rule documentation to try create a custom correlation but I have problems.
(Version Product 188.8.131.52)
I create a ContextHub List containing malicious hash (SHA256).
I add the CH list in ESA Rule tab --> Settings --> Enrichment Souces
After this I created a rule with this condition:
but when i try to save i get this :
Then I don't understand why I can't remove the first condition
where am i wrong?
Can someone help me.