MSRPC Records


I am looking to ensure all the necessary records are being written to the EXA from the ECA/EDA for detection investigation purposes. I am looking to collect records based on events relating to various flow and L7 transaction information through individual triggers with device groups that match the event/protocol activity desired. As I am fairly new to both JavaScript and Triggers, I followed a support representative’s original suggestion of committing the records per event interface and with only the necessary device groups for trigger optimization purposes and to reduce the likelihood of Trigger exceptions.

For HTTP Servers and HTTP Clients

When attempting to commit a MSRPC record to be processed from a trigger, I noticed that there are no MSRPC Request and MSRPC Response event options to select to process the necessary records. How would I process MSRPC records for the MSRPC Request and MSRPC Response events? I would like to ensure related L7 transaction information is available for drill-down functionality in detections.

MSRPC shows up as “RPC” in our trigger API.
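Putting the answer together with the per-event approach described in the question, here is what such a trigger could look like. This is an added example, not code from the thread or from ExtraHop; it assumes the trigger API exposes the `event` global and an `RPC` object with a `commitRecord()` method and an `isCommitted` flag, and that the two events are named `RPC_REQUEST` and `RPC_RESPONSE` (check the Trigger API reference for your firmware before relying on any of those names). The `makeFakeRpc` stand-in is constructed purely so the logic can be exercised outside the appliance.

```javascript
// Added example: shape of a trigger that commits MSRPC transaction records
// to the EXA on the RPC_REQUEST and RPC_RESPONSE events.
// Assumed API: global `event` (string), global `RPC` with commitRecord()
// and isCommitted. Written with `var`/function declarations so it also
// runs on an older trigger JavaScript engine.

// Events this trigger should be assigned to in the trigger editor.
var RPC_EVENTS = ['RPC_REQUEST', 'RPC_RESPONSE'];

// Core logic kept in a function so it can be unit-tested off-box.
// Returns true when a record was committed, false when it was skipped.
function commitRpcRecord(eventName, rpc) {
  if (RPC_EVENTS.indexOf(eventName) === -1) {
    // Trigger was assigned to an event this code does not handle:
    // bail out instead of touching an object that may not exist.
    return false;
  }
  if (rpc.isCommitted) {
    // Already committed (e.g. on the request side, or by another trigger
    // on the same device group): skip to avoid duplicate EXA records.
    return false;
  }
  rpc.commitRecord();
  return true;
}

// Inside the appliance the two globals exist and the trigger body is just
// `commitRpcRecord(event, RPC);`. The typeof guard lets this file also run
// under Node for testing without a ReferenceError.
if (typeof event !== 'undefined' && typeof RPC !== 'undefined') {
  commitRpcRecord(event, RPC);
}

// Constructed stand-in for the RPC object, used only for offline testing.
function makeFakeRpc() {
  return {
    isCommitted: false,
    commits: 0,
    commitRecord: function () {
      this.isCommitted = true;
      this.commits += 1;
    }
  };
}
```

Assign the trigger to both RPC events and only to the device groups that actually carry MSRPC traffic (domain controllers, file servers, and the clients that talk to them), which keeps the per-event trigger count low and limits the surface for trigger exceptions, as the support suggestion in the question intends.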