
Global Audit Logging Operation Reference - 2

NetWitness Core Services

The following table lists the operations logged by NetWitness Core Services.

  • Serial #: 1
  • Operation Name: FILE-Command
  • Meaning: Operation to list, retrieve and delete files from approved directories on this device.

  • Serial #: 2
  • Operation Name: SERVICE-Start
  • Meaning: Service started

  • Serial #: 3
  • Operation Name: SERVICE-Stop
  • Meaning: Service stopped

  • Serial #: 4
  • Operation Name: REDIRECT-Syslog
  • Meaning: Operation for syslog forwarding.

  • Serial #: 5
  • Operation Name: ADD-Monitor
  • Meaning: Issuing a filesystem monitor operation

  • Serial #: 6
  • Operation Name: DELETE-Monitor
  • Meaning: Issuing a filesystem monitor deletion operation

  • Serial #: 7
  • Operation Name: SHUTDOWN-Service/shutdown.service
  • Meaning: Shutting down appliance service

  • Serial #: 8
  • Operation Name: REBOOT-Service
  • Meaning: Restarting appliance service

  • Serial #: 9
  • Operation Name: CONFIGURE-Network
  • Meaning: Issuing Network Configuration change

  • Serial #: 10
  • Operation Name: SET-NTP
  • Meaning: Issuing NTP set operation

  • Serial #: 11
  • Operation Name: STOP-NTP
  • Meaning: Issuing NTP stop operation

  • Serial #: 12
  • Operation Name: NTP-Timesync
  • Meaning: Issuing NTP time sync operation

  • Serial #: 13
  • Operation Name: SET-SNMP
  • Meaning: Issuing SNMP set

  • Serial #: 14
  • Operation Name: UPGRADE/upgrade
  • Meaning: Issuing upgrade operation

  • Serial #: 15
  • Operation Name: create.collection
  • Meaning: Operation to create an empty collection.

  • Serial #: 16
  • Operation Name: restore
  • Meaning: Issuing restore

  • Serial #: 17
  • Operation Name: session.aggregation
  • Meaning: Issuing aggregation start/stop

  • Serial #: 18
  • Operation Name: add.device
  • Meaning: Adding a device for aggregation

  • Serial #: 19
  • Operation Name: edit.device
  • Meaning: Editing a device used for aggregation

  • Serial #: 20
  • Operation Name: delete.device
  • Meaning: Deleting a device used for aggregation

  • Serial #: 21
  • Operation Name: capture.start
  • Meaning: Starting capture operation

  • Serial #: 22
  • Operation Name: capture.stop
  • Meaning: Stopping capture operation

  • Serial #: 23
  • Operation Name: select.interface
  • Meaning: Selecting capture interface

  • Serial #: 24
  • Operation Name: export
  • Meaning: Operation to export packets or sessions.

  • Serial #: 25
  • Operation Name: reload
  • Meaning: Issuing a parser reload

  • Serial #: 26
  • Operation Name: schema
  • Meaning: Issuing a schema request for loaded parsers

  • Serial #: 27
  • Operation Name: upload/file.upload
  • Meaning: Issuing file upload

  • Serial #: 28
  • Operation Name: notify
  • Meaning: Issuing feed notify

  • Serial #: 29
  • Operation Name: delete
  • Meaning: Issuing file deletion

  • Serial #: 30
  • Operation Name: edit.config
  • Meaning: Configuration change operation

  • Serial #: 31
  • Operation Name: parsers.transforms
  • Meaning: Perform a language key transformation

  • Serial #: 32
  • Operation Name: data.reset
  • Meaning: Data reset operation

  • Serial #: 33
  • Operation Name: timeout
  • Meaning: REST request timeout

  • Serial #: 34
  • Operation Name: cancel
  • Meaning: Cancel a running query

  • Serial #: 35
  • Operation Name: timeroll
  • Meaning: Operation to delete the database files that exceed a given limit.

  • Serial #: 36
  • Operation Name: dump
  • Meaning: Operation to dump information out of the database in nwd formatted files.

  • Serial #: 37
  • Operation Name: session.wipe
  • Meaning: Issuing a session wipe operation

  • Serial #: 38
  • Operation Name: REPLACE-Rule
  • Meaning: Issuing a rule replace operation

  • Serial #:

  • Serial #: 55
  • Operation Name: STOREDPROCOP
  • Meaning: Issuing file upload cancel/start

  • Serial #: 56
  • Operation Name: ADD-Task
  • Meaning: Added scheduled task

  • Serial #: 57
  • Operation Name: DELETE-Task
  • Meaning: Deleted scheduled task

  • Serial #: 58
  • Operation Name: logoff
  • Meaning: Issuing logout operation

  • Serial #: 59
  • Operation Name: list.cacerts
  • Meaning: Issuing list trusted CA certificate operation

  • Serial #: 60
  • Operation Name: delete.cacerts
  • Meaning: Issuing delete trusted CA certificate operation

  • Serial #: 61
  • Operation Name: add.cacerts
  • Meaning: Issuing addition of trusted CA certificate operation

  • Serial #: 62
  • Operation Name: restart.command
  • Meaning: Issuing restart command line option

  • Serial #: 63
  • Operation Name: delete.file/file.delete
  • Meaning: Operation to delete system configuration files.

  • Serial #: 64
  • Operation Name: update.file/file.update
  • Meaning: Operation to update system configuration file.

  • Serial #: 65
  • Operation Name: create.file
  • Meaning: Issuing file creation operation

  • Serial #: 66
  • Operation Name: query
  • Meaning: Issue a database query

  • Serial #: 67
  • Operation Name: unlock
  • Meaning: Issuing unlock user account operation

  • Serial #: 68
  • Operation Name: user.add
  • Meaning: Operation to create user accounts on individual devices.

  • Serial #: 69
  • Operation Name: user.delete
  • Meaning: Operation to delete a user on individual devices.

  • Serial #: 70
  • Operation Name: group.create
  • Meaning: Operation to add a new group to the system.

  • Serial #: 71
  • Operation Name: user.remove
  • Meaning: Remove a user account from a group

  • Serial #: 72
  • Operation Name: group.delete
  • Meaning: Delete a group from the /users/groups tree

  • Serial #: 73
  • Operation Name: add.user
  • Meaning: Issuing add user command to collection

  • Serial #: 74
  • Operation Name: delete.user
  • Meaning: Issuing delete user command to collection

  • Serial #: 75
  • Operation Name: remove.user
  • Meaning: Removing a user from collection

  • Serial #: 76
  • Operation Name: collection.open
  • Meaning: Issuing an open command for a collection

  • Serial #: 77
  • Operation Name: collection.close
  • Meaning: Issuing a close command for a collection

  • Serial #: 78
  • Operation Name: collection.delete
  • Meaning: Issuing collection deletion command

  • Serial #: 79
  • Operation Name: reingest.start
  • Meaning: Operation to start reingesting of packet data in collection.

  • Serial #: 80
  • Operation Name: feed.notify
  • Meaning: Issuing a feed notify command

  • Serial #: 81
  • Operation Name: collect
  • Meaning: Issuing a collect command

  • Serial #: 82
  • Operation Name: collect.start
  • Meaning: Issuing a data collection start

  • Serial #: 83
  • Operation Name: collection.global
  • Meaning: Issuing import parser command

  • Serial #: 84
  • Operation Name: parser.reload
  • Meaning: Issuing parser reload command

  • Serial #: 85
  • Operation Name: reingest
  • Meaning: Operation to reingest packet data in collection.

  • Serial #: 86
  • Operation Name: collection.create
  • Meaning: Issuing a create collection command

  • Serial #: 87
  • Operation Name: collection.restore
  • Meaning: Issuing a restore collection command

  • Serial #: 88
  • Operation Name: collection.clone
  • Meaning: Issuing a clone collection command

  • Serial #: 89
  • Operation Name: parser.reload
  • Meaning: Issuing parser reload command

  • Serial #: 90
  • Operation Name: sdk.query
  • Meaning: Performs a query against the meta database

  • Serial #: 91
  • Operation Name: sdk.msearch
  • Meaning: Search for pattern matches in many sessions or packets

  • Serial #: 92
  • Operation Name: sdk.values
  • Meaning: Performs a value count query and returns the matching values for a report

  • Serial #: 93
  • Operation Name: sdk.timeline
  • Meaning: Returns the count of sessions/size/packets in discrete time intervals
