Version

Argent Defender Ultra – All versions

Date

Wednesday, 13 June 2018

Summary

This article describes a specific scenario monitoring XML Feed using Argent Defender Ultra

Customer noticed false alert after XML format was recently changed

XML contents used to appear as XML Tree but recently appeared as a “styled” webpage

Technical Background

Reading XML file in text editor can be very different from opening it in a web browser

When reading XML file using XSL Style Sheet in a web browser, the style sheet can transform it into a webpage containing additional data

Keyword chosen for alerting may not be found in the XML file itself

It can be validated by viewing source of “webpage”

Customer aimed to ensure XML Feed contain valid data instead of correctly “styled”

Resolution

1. Validate XML content by viewing “source code” after page is fully loaded
2. Choose keyword from “source code”
3. Update “keywords” in Recorded Session Scripts in Argent Defender Ultra