• A Treatise on Writing Packet Parsers for the RSA NetWitness Platform

    PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness   If you're interested in learning to write your own custom packet parsers, this is the information you need.  It covers parser writing from...
    William Motley
    last modified by William Motley
  • Packet Parsers

    This topic discusses and describes the packet (Lua) parsers available in RSA NetWitness Platform. If you need a parser that does not already exist, you can Request a Parser. Note: More information on each of these par...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Log Parser Customization

    On occasion, you may need to modify one or more of your log parsers. For example, you may need to fix an unknown message, or to parse certain fields differently than in the manner provided by default. Log Parser Cust...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Phishing Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • SMTP Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Create Custom (File Collection) Typespec

        RSA NetWitness uses type specification (typespec) files for ODBC and file collection. These files act on raw log files, and are used for two main purposes: Define where in the log file da...
  • HTTP Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Mail Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Create Custom (ODBC Collection) Typespec

        RSA NetWitness uses type specification (typespec) files for ODBC and file collection. These files act on raw log files, and are used for two main purposes: Define where in the log file da...
  • Traffic Flow Lua Parser

        Introduction The Decoder identifies the host which initiated a session as ip.src, and the responding host as ip.dst. However, there is no indication which hosts are internal to your network and which...
  • System Parsers

        This topic lists the native parsers available in RSA Security Analytics. Context Packet parsers identify the application layer protocol of sessions seen by the Decoder, and extract meta data from t...
  • TLD Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Custom CEF Parser

        This topic discusses and describes the custom CEF parser (cef-custom.xml), that overrides the standard, base CEF (Common Event Format) parser. Context Customers need the ability to customize the ke...
  • LDAP Parser Options File

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Add or Update Supported Event Source Log Parsers

        This topic tells you how to add supported Event Source Log Parsers or update existing Event Source Log Parsers by downloading them from Live and deploying them to a Log Decoder. Caution: When y...
  • Log Parser Tool v1.1 User Guide

    Scott Marcus
    last modified by Mini Rajendrakumar