0 Replies Latest reply on Jan 21, 2014 1:24 PM by pfabrizi

    Custom Parser's for NetWitness

    pfabrizi

      I have a customer that is trying to create his  own template in NetWitness to forward to SIEM. He is looking for the corresponding SIEM names in the parser that correspond to those from NetWitness

       

      for example:

                           in NetWitness template, #ip.src represents the SRC IP which appears to be SRC in the ESM packet data for that event.

       

       

       

       

      Is there a document or a way within the SIEM to see what variables are used in the out of the box NetWitness Parser?