MSRPC Records

Hello!

I am looking to ensure all the necessary records are being written to the EXA from the ECA/EDA for detection investigation purposes. I am looking to collect records based on events relating to various flow and L7 transaction information through individual triggers with device groups that match the event/protocol activity desired. As I am fairly new to both JavaScript and Triggers, I followed a support representative's original suggestion of committing the records per event interface and with only the necessary device groups, for trigger optimization purposes and to reduce the likelihood of Trigger exceptions.

Example:
HTTP.commitRecord();
For HTTP Servers and HTTP Clients

When attempting to commit an MSRPC record to be processed from a trigger, I noticed that there are no MSRPC Request and MSRPC Response event options to select to process the necessary records. How would I process MSRPC records for the MSRPC Request and MSRPC Response events? I would like to ensure related L7 transaction information is available for drill-down functionality in detections.

MSRPC shows up as “RPC” in our trigger API.
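As an added illustration (not code from either poster), here is a trigger written in the style of the HTTP.commitRecord() pattern from the question, extended to MSRPC using the "RPC" naming from the answer. On the sensor it would be assigned to the HTTP_REQUEST, HTTP_RESPONSE, RPC_REQUEST and RPC_RESPONSE events and scoped to the matching device groups, with the body of trigger() running at top level and `event`, `HTTP`, `RPC` and `debug` supplied by the trigger runtime. RPC.commitRecord() is assumed to exist by analogy with HTTP.commitRecord(). The stand-in objects at the top are constructed so the file runs under Node outside the sensor and are not the real API.

```javascript
// Constructed stand-ins for the trigger runtime so this runs under Node.
// On the sensor these globals are provided; delete this section there.
const committed = [];
const HTTP = { commitRecord: () => committed.push("HTTP") };
const RPC  = { commitRecord: () => committed.push("RPC") };   // assumed API
function debug(msg) { /* on the sensor this goes to the trigger debug log */ }

// Trigger body. One record per event, only for the events the trigger is
// assigned to, so the record type follows the protocol class exactly.
function trigger(event) {
  switch (event) {
    case "HTTP_REQUEST":
    case "HTTP_RESPONSE":
      HTTP.commitRecord();   // HTTP record for HTTP Servers / HTTP Clients groups
      return "HTTP";
    case "RPC_REQUEST":
    case "RPC_RESPONSE":
      RPC.commitRecord();    // MSRPC is exposed as "RPC" in the trigger API
      return "RPC";
    default:
      // Guard against the trigger being assigned to an event it does not handle,
      // which is a common source of trigger exceptions.
      debug("trigger assigned to unexpected event: " + event);
      return null;
  }
}

// Stand-alone run: simulate the four events the trigger is meant to receive.
["HTTP_REQUEST", "HTTP_RESPONSE", "RPC_REQUEST", "RPC_RESPONSE"].forEach(trigger);
```

Keeping one switch per trigger with only the events it is assigned to means a mis-assigned event is logged rather than raising an exception, and the committed record type always matches the protocol class the event belongs to.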
