on Apr 16, 202016APR2020 Update
- adding a modified script for NetWitness environments at-or-above version 11.4.1 (due to JDK 11)
- renaming the original script to indicate recommended use in pre-11.4.1 NetWitness environments
19DEC2019 Update (with props to Leonard Chvilicek for pointing out several issues with the original script)
- implemented more accurate java version & path detection for JDK variable
- implemented 30 second timeout on s_client command
- implemented additional check on address of hosting server
- implemented more accurate keystore import error check
- script will show additional URLs for certs with Subject Alternate Names
In the past, I've seen a number of people ask how to enable a recurring feed from a hosting server that is using SSL/TLS, particularly when attempting to add a recurring feed hosted on the NetWitness Node0 server itself. The issue presents itself as a "Failed to access file" error message, which can be especially frustrating when you know your CSV file is there on the server, and you've double- and triple-checked that you have the correct URL:
There are a number of blogs and KBs that cover this topic in varying degrees of detail:
- Endpoint Integ: Configure Contextual Data from Endpoint via Recurring Feed
- Live: Create and Manage an Identity Feed
- A list two ways - Feeds and Context Hub
Since all the steps required to enable a recurring feed from a SSL/TLS-protected server are done via CLI (apart from the Feed Wizard in the UI), I figured it would be a good idea to put together a script that would just do everything - minus a couple requests for user input and (y/N) prompts - automatically.
The goal here is that this will quickly and easily allow people to add new recurring feeds from any server that is hosting a CSV:
Success!
