Skip navigation
All Places > Products

RSA NetWitness Platform

Log in to follow, share, and participate in this community.

Recent Activity

support soc
Dear Team,   CheckPoint IPS doesn't show up Destination IP address field in raw logs or syslogs, But source IP is visible. (IPS logs do not contain destination IP field) So, I am writing a rule to guess few IPS destination IP addresses info from a IOC/Feed log (as a source), in a pattern with IPS log for time-being.   I am getting below error… (Show more)
in RSA NetWitness Platform
Jeremy Kerwin
Quick question, can NWE send Linux log files to NetWitness in the same way with Windows files?
in RSA NetWitness Platform
Musa Timur Sarigul
Hi everyone, I see one malware appliance is not connecting to Sa server, checked service of malware appliance and it's running in the shell.. However when I look listening ports , 60007 is not listening even service is up..   Version is 11.4.1.2 ,is there any suggestion ??   Thnx
in RSA NetWitness Platform
John Snider
NOTE:  Updated to support 11.4.1.2Scenario You need to remotely backup your NetWitness hosts to a central location, to satisfy Disaster Recovery Requirements, perform a Tech Refresh, or to be prepared for RMA replacement of a device. Solution – A Wrapper script for NRT Building off the framework of the original nw-backup scripts written for 10.x…
in RSA NetWitness Platform
Hugo Van Der Kooij
As a (network) engineer I am used to having serial console access to physical devices.   I noticed this is not enables by default on RSA Netwitness appliances. Notr is it anywhere documented here on RSA Link.   Preferably I want a supported and upgrade proof solution. Anyone been working on that?
in RSA NetWitness Platform
Isidore DESHAIES
Is there a new version of Log Parser Tool in the roadmap?   Actual version is 2 years old. RSA, a Dell Technologies business, announces the release of RSA® NetWitness Log Parser Tool v1.1   We communicated some bugs end of 2019 to Dave Glover and it should be delivered with the next Netwitness major release.   Thank you
in RSA NetWitness Platform
Halim Abouzeid
Click to view contentZerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller.  As more public exploits for this vulnerability are being published, including its support within mimikatz which is widely used, it’s expected to see even more… (Show more)
in RSA NetWitness Platform
Jeremy Kerwin
I'm interested in learning what would be best practice for filtering false alerts. We have a nwfeed file from a threat intel provider that maps IPs, domains and emails to threat actors.   An ESA alert is created to alert on those threat actors names and that sometimes causes false positive alerts. It's just a simple alert (select * if alert =… (Show more)
in RSA NetWitness Platform
Bryon G
See attached. I am trying to activate RSA NetWitness Investigator. Versions 10.6 and 11.4 throw three scripting errors and fail with 301 Moved Permanently during the freeware registration and activation process. A freeware account verification email is not being sent to me, so there is no way to verify my account to finish activating Investigator… (Show more)
in RSA NetWitness Platform
Anil Prabhakar
Dear Team, we are in the need of the instalation guide for the RSA netwitness 10.6.5 we have gone through the documentation but not getting any clearity, we came accross virtual host instalation guide only. Can anyone please guide us in the right direction, or do we need to follow any older documentation for the same.
in RSA NetWitness Platform
Load more items