.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Edit the Incident Rules Export ZIP File
Edit the Incident Rules Export ZIP FileEdit the Incident Rules Export ZIP File
This procedure is optional and is for advanced users. When exporting incident rules from the Respond Incident Rules view, the exported incident rules file is a ZIP file in the format
- aggregation_rule_schema.json contains the incident rule schema.
-
-incident_rules_export.json contains the incident rules.
You can import this ZIP file on another NetWitness Server on the same release version.
There may be situations when you need to edit the these files before you import them to another NetWitness Server.
To edit the incident rules export files:
- Follow the Incident Rule Export Files Editing Guidelines below to edit the export files.
- Before importing, verify that the ZIP file does not contain additional files or folders. The ZIP file should contain only the mandatory aggregation_rule_schema.json and
-incident_rules_export.json files to go through the import. Any files other than these two cause the import to fail.
For example, when compressing files on a Mac, it adds a temp folder __MACOSX that needs to be excluded while zipping the file.
Note: You cannot export Advanced rules.
Incident Rule Export Files Editing GuidelinesIncident Rule Export Files Editing Guidelines
Ensure that the following fields have at least one value. Removing a value or having an empty value for the following fields results in abnormal behavior.