RSA NetWitness Platform

Recent Activity

Jeremy Kerwin
Here is my situation. I have a feed from a commercial threat intel provider that matches IPs and domains to threat actors. I'm in the investigate module, investigating an alert on a dst.ip address that is alerting to a particular threat group, let's say APT1. The source of the event is from the firewall stating that the proxy server is connecting…
in RSA NetWitness Platform
Mohammad Ennab
Dears, if the main RSA SA appliance fails for any reason and we need to rediscover and install RSA services (loghybrid and log packet, ESA, etc.) on a different RSA SA VM appliance which is ready and up and running, what is the procedure to discover and install RSA services on the new, different SA appliance? We are not asking about system…
in RSA NetWitness Platform
Bohdan Rylko
I am creating an EPL rule where I want to take 2 types of events - one type has user.src and the second type has a different identification of the user in custom meta, for which I add user.src using a custom feed, but it can also have an empty user.src if the feed doesn't match on it. Then I need to group the generated alerts into an incident grouped by user.src. …
in RSA NetWitness Platform
John Abinash Paul
Hi Friends, I am getting an error when I try to deploy the Esper rule below in ESA: "unknown method Collection.toLowerCase()". Can anyone help? This happened after the upgrade from 11.x to 11.3.1.0. Snippet: @RSAAlert(oneInSeconds=0) @Hint('reclaim_group_aged=100') SELECT * FROM Event( /* Statement: symantecav */ (device_type…
in RSA NetWitness Platform
RSA Product Team
The NetWitness Platform IDD team just added a new video for installing and configuring a Relay Server (How to Install and Configure an Endpoint Relay Server). See the NetWitness Platform Documentation page under Videos for a list of all videos.  RSA NetWitness Platform Online Documentation 
in RSA NetWitness Platform
RSA Product Team
This video describes how to install and set up an Endpoint Relay Server.
in RSA NetWitness Platform
Miha Mesojedec
To successfully parse Suricata JSON logs via the syslog collector, we need to use a LUA parser in the NetWitness Log Decoder. The Suricata LUA parser in this example maps only specific fields from JSON logs to metakeys. In case additional metakeys need to be mapped, modification of the LUA parser is needed and additional "custom" metakeys need to be…
in RSA NetWitness Platform
Vikramsingh Rajawat
I want to deploy a rule for the Mirai botnet. Event Device Type is Customdns, Event.threat_Category is Malware and Event.threat_subtype is Mirai. Aggregation is 2500 events in 1 minute, but I am still getting many alerts. What can I do to reduce the number of matches? Is there a way to suppress alerts after the first alert for a certain duration to keep minimum…
in RSA NetWitness Platform
Denise Sposato
It’s official: digital transformation is having a palpable impact on companies’ risk profiles, according to the results of our landmark RSA® Digital Risk Report, the first definitive survey of organizations’ perceptions of—and plans for managing—digital risk. An overwhelming 90 percent of survey respondents indicate their organization’s risk…
Visham Rawat
Which ports do I need to open for collecting logs from Windows servers? As far as I know it's 5985 or 5986, bi-directional, between the Windows event source and the RSA SA log collector. Do I also need to open port 80 or 443, bi-directional? Also, is it TCP or UDP? Please let me know what it is for port 514 as well - TCP or UDP?
in RSA NetWitness Platform