RSA NetWitness - Log Parser Rules (Dynamic Rules)

Video created by Naushad Kasu Employee on Nov 4, 2019

    Documentation Link: Log Parsing Customization Guide for RSA NetWitness Platform 11.x - Table of Contents 

     

    This video covers the building of a log parser using the Log Parser Rules feature within RSA NetWitness. We cover in its entirety scenario 1, and scenario 2 has coverage as well to a limited degree as it comprises mostly of steps covered in Scenario 1.

     

    Scenario 1:

    - Device Type (device.type) does not exist

    - Message ID (msg.id) does not exist

     

    Scenario 2:

    - Device Type (device.type) exists

    - Message ID (msg.id) does not exist