-
IPAM search - syntax
Is there a possibility to search for individual IP address or specify certain wildcard syntax ? example 1: search for: 10.10.10.3 result: 10.10.10.3, 10.10.10.31,10.10.10.32........ - basically all IP containing x.x.x.3 expected result: 10.10.10.3 only example:2 search for: *.10.3 - search for specific IP across multiple…
-
SWQL Pad
Enhance SWQL to include PAD for text manipulation PAD([LEADING|TRAILING|BOTH] ARG [WITH CHARACTER] [TO LENGTH]) Example: SELECT N.IPAddress AS IP , N.DnsBackward , PAD(LEADING ARRAYVALUEAT(SPLITSTRINGTOARRAY(REPLACE(IP,'.','|§|§|')),0) WITH '0' TO 3) AS O1 , PAD(LEADING…
-
SWQL Alias reuse
Enhance SWQL statements to allow reuse of aliases in the preceding SELECTION. Examples: SELECT A , A * B AS AB , B , B / A AS BA , AB + BA AS ABBA FROM TABLE; SELECT N.IPAddress AS IP , N.DnsBackward NAME , CHARINDEX('.',IP,1)-1 AS P1 , CHARINDEX('.',IP,P1)-1 AS P2 , CHARINDEX('.',IP,P2)-1 AS P3 , CHARINDEX('.',IP,P3)-1 AS…
-
When can SWQL refer to an Alias
I'm trying to parse strings and am trying to refer to an alias in the SWQL query. In the following query, I can refer to the alias IP without issue. However, the alias from the CHARINDEX expression gives an exception: Cannot resolve property P1. SELECT N.IPAddress AS IP , N.DnsBackward , CHARINDEX('.',IP,1)-1 AS P1 ,…
-
SWQL CAST
SWQL needs a way to cast an argument of one datatype to another: CAST(ARG AS DATATYPE [USING FORMAT ''] ) examples: CAST(ARG AS INT) CAST("0.0" AS DOUBLE) CAST(ARG AS DATETIME USING FORMAT 'YYYY-MM-DD HH:mm:ss') CAST(0.0 AS INT) More string parsing is also needed:
-
SWQL SubString enhancement
Enhance SubString to use the following syntax: SUBSRTING(# OF FIELD BETWEEN 'character') examples: SUBSTRING( 1 OF ARG BETWEEN '.') -- dot separator SUBSTRING( 4 OF ARG BETWEEN ',') -- comma delimiter SUBSTRING( 2 OF ARG BETWEEN ' ') -- spaces More string parsing is needed in general:
-
Email Syntax for Event Log
Hi, Guys. Hope everyone is doing good. I just want to ask how can i call the following event log information from my email escalation trigger. i used this syntax but ${N=SwisEntity;M=ComponentAlert.WindowsEventMessages} nothing happens it just return the syntax.
-
Filtering out Computer Account Activity
I'm attempting to set up both a saved search (nDepth) and filter (Monitor) excluding computer accounts (ending in $ sign). However.... * In nDepth, when I add a Group with the following condition... UserModifyAttribute.SourceAccount ≠ *$ ...I still get computer accounts showing up in the results. I have tried putting that…
-
NPM 12.0.1_SAM 6.3.0_NTA 4.2.1 Exported Alerts!
The attached zip file contains the fresh, out-of-the-box alerts as created during the installation process for NPM 12.0.1, SAM 6.3.0, and NTA 4.2.1. The precise product-line banner at the bottom of the webpage reads: Orion Platform 2016.2.100, DPA 10.2.0, NPM 12.0.1, IVIM 2.1.2, NetPath 1.0.1, QoE 2.2.0, SAM 6.3.0, NTA…
-
Where can I get a device template for a Cisco ASA 5520 that will give me a "more system:running-config"?
I am backing up a Cisco ASA 5520 which is acting as a VPN firewall, problem is the config NCM is downloading for me is not enough. A "show run" command does not display enough information for me such as pre-shared keys. It's my understanding that NCM uses device templates to know what commands to run on a device it's…