.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
The meaning of the Meta key Meduim in NetWitness Platform
Resolution
- Sessions in NetWitness can be created by various means, such as packets ingested by a Packet Decoder, logs ingested by a Log Decoder, sessions created due to correlation rule matches, etc.
- The medium meta key of a session indicates the session type. (i.e. packets, logs, correlation, etc.) For example, if a session is created by a Packet Decoder after ingesting an Ethernet packet, the medium meta key value is set to 1. If a session is created by a Log Decoder after ingesting a log, the medium meta key value is set to 32. If a session is created by the correlation engine because a session matched a correlation rule then the medium meta key value is set to 33.
- The interpretation of each integer for the meta key can be found in the /etc/netwitness/ng/index-concentrator.xml file on concentrator appliances. They are also provided in the table below.
Notes
The table below shows the relation between the medium meta key integers and the session types.Product Details
NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: NetWitness UI, Reporting Engine, Concentrator
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS 7 / Alma
Approval Reviewer Queue
Technical approval queue