RSA NetWitness Platform

Recent Activity

Maximiliano Cittadini
Hi all, I have a customer who is running Kaspersky and he doesn't have access to the SQL Express instance (it seems that the Kaspersky solution installs and creates its own db engine with SQL Express, with a custom admin user, and it isn't available). The long story, short: the customer is sending to NetWitness Log Collector (v. 11.3.2) a CEF syslog…
in RSA NetWitness Platform
Shishir Kumar
Hi All, We have recently moved to v11.3.1.1 on NetWitness and I am trying to use the default Event Source monitoring to send syslog to one of our decoders when a device is inactive for a certain period of time. The default syslog template that is included for v11.3 is as below: <@compress single_line=true>CEF:0|RSA|NetWitness Platform Event…
in RSA NetWitness Platform
Richard van den Berg
We have several appliances that report tcp.srcport is overflown. We are familiar with this concept for meta keys that have limited index sizes like payload or filename, but tcp.srcport is defined correctly in index-concentrator.xml as: <key description="TCP Source Port" name="tcp.srcport" format="UInt16" level="IndexValues" valueMax="65536">…
in RSA NetWitness Platform
Tomi Reiman
What compression ratios do the different levels of meta.compression.level and packet.compression.level effectively translate to with the different packet.compression and meta.compression values? I.e. if we start from the situation where both meta.compression and packet.compression are set to "none", and we consider the storage requirement at…
in RSA NetWitness Platform
Visham Rawat
The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.
in RSA NetWitness Platform
Lee Kirkpatrick
Over the past year, I have posted multiple blogs whereby I perform APT (Advanced Persistent Threat) emulation and analyse the forensic footprint left behind after the attack using the NetWitness platform. In this post, I take a look at an adversary emulation framework from MITRE named CALDERA - Cyber Adversary Language and Decision Engine for Red…
in RSA NetWitness Platform
RSA Link Team
Date Range: Sunday, December 1st -- Saturday, December 7th
Article Title | Author | Last Published Date
000037719 - RSA NetWitness 11.3 Known Issues Master List | James Moon | 05 Dec 2019
000038188 - nwsetup-tui script failed to restore from a backup file in RSA NetWitness. | James Moon | 03 Dec 2019
in RSA NetWitness Platform
RSA Link Team
Date Range: Sunday, December 1st -- Saturday, December 7th
Article Title | Author | Last Published Date
000031174 - How to use the right certificate for RSA ECAT Agent | Mohamed Essam | 03 Dec 2019
in RSA NetWitness Platform
Richard van den Berg
When accessing the RESTful API as described in SDK Commands I was used to seeing the /sdk form as displayed on page 15 of that PDF: However, in 11.3.1.0 the form is no longer there. Only the static links shown on page 14 are there: I tried a Concentrator and Broker and even the new EmberUI. There is no SDK form. :-( The form was very useful…
in RSA NetWitness Platform