Ingress Events Dictionaries - global field / variable - multi-line log.

    Posted Apr 25, 2018 05:23 AM

    Hello,

    I have a problem with counting port 80 instances in a multi-line log.

    When CPPM parses a multi-line log arriving in one second, it correctly assigns enforcement profiles to the newly created events (in my case, it's 3 events, when port 80 appears in the log line), but unfortunately it executes the enforcement profiles for my attribute, in which I count the occurrences of port 80, only once.

    Is it possible to implement a global field / variable to pass values to the next event?

    Below is an example of a multi-line log arriving in one second:

    root: 192.168.1.10|unknown (80/tcp)|92567|description|
    root: 192.168.1.10|unknown (80/tcp)|92567|description|
    root: 192.168.1.10|unknown (80/tcp)|92567|description|