RSA NetWitness Platform

Recent Activity

Renee Russell
Hello, I wanted to get clarification on what criteria analysis.service gets populated with "http request path host header mismatch". Specifically, is it: domain mismatch, tld mismatch or entirely different domains altogether. I see this from Hunting Guide: http.lua analysis.service http request path host header mismatch The request…
in RSA NetWitness Platform
Marinos Roussos
After upgrading I noticed that some unidentified content previously dropped on the log decoder is now making it through. Without surprise, this was not documented anywhere. Let's not start a debate on how awesome RSA's documentation is, I would rather see some evidence instead. --Previously only logs complying with RFC 5424 protocol could…
in RSA NetWitness Platform
Lyndon Prescott
I am interested in tuning Automated Threat Detection in v11.2 when using a packet source. My specific environment is large and includes 2 layers of forward proxies and a load balancing VIP which causes many issues involving duplicate traffic in the standard suspicious domains module workflow. Unfortunately using the proxy logs is not an option.…
in RSA NetWitness Platform
Sebastian Hernandez
I found this procedure to change the IP or hostname for a host and I'm looking for the same for version 11.2. Sys Maintenance: Change IP Address or Hostname of a Host I found this procedure to change the IP address that I suppose will work on CentOS 7, but how do I update the NetWitness Server on the different host to make the…
in RSA NetWitness Platform
Yossi Nagar
Hi, I'm facing a problem with authenticating to SA with AD accounts. A few weeks ago one of my colleagues was not able to log in to the system using his AD account, so as a temporary solution I created a local account for him. This morning, I was trying to log in to the system using my AD account, but I got the same "Bad Credentials" error message…
in RSA NetWitness Platform
Eric Partington
A couple of interactions with customers recently sent me down the path of designing better whitelisting options around well known services that generate a lot of benign traffic. A lot of customers have gone down the path of Office365, Windows 10 and Chrome/Firefox as standard software in the Enterprise. As a result, the traffic that NetWitness…
in RSA NetWitness Platform
Lee Kirkpatrick
Following up from the previous blog, Web Shells and RSA NetWitness, the attacker has since moved laterally. Using one of the previously uploaded Web Shells, the attacker confirms permissions by running, whoami, and checks the running processes using, tasklist. Attackers, like most individuals, are creatures of habit: The attacker also…
in RSA NetWitness Platform
Denise Sposato
RSA CHARGE 2019 CALL FOR SPEAKERS OPEN FOR SUBMISSIONS It's official - time to get your creative juices flowing as the RSA Charge 2019 'Call for Speakers' (C4S) is now open and awaiting your submissions! As you are aware, the RSA Charge events represent all RSA products and an increasing number of customers across solutions attend this…
in RSA NetWitness Platform
Lee Kirkpatrick
Introduction: This blog post demonstrates a common method as to how organisations can get compromised. Initially, the viewpoint will be from the attacker’s perspective, it will then move on to show what artifacts are left over within the RSA NetWitness Packets and RSA NetWitness Endpoint solutions that analysts could use to detect this type of…
in RSA NetWitness Platform
Maximiliano Cittadini
Hi all! I have a little question: let's say we have a Log Collector with two syslog ports as receivers, is there any way to put in a meta of the event on which of those two ports the event was received? Thanks!
in RSA NetWitness Platform