Log in to follow, share, and participate in this community. NOTE: Updated to support 220.127.116.11Scenario You need to remotely backup your NetWitness hosts to a central location, to satisfy Disaster Recovery Requirements, perform a Tech Refresh, or to be prepared for RMA rep... Hello, I have a parsing issue with the following Linux log : <37>Jan 4 19:56:01 hostname PAM-unixteam: pam_sm_acct_mgmt(service=crond, terminal=cron, user=root, ruser=UNDEF, rhost=UNDEF) This... What is LogStash: LogStash is an Elastic product that can collect, parse, and transform logs to be presented to some type of output such as an Elastic Stack or a RSA Decoder or Virtual Log Collector. https://www.ela... What is bonding? Bonding protocol - Wikipedia Generally speaking, in the Linux world, this action combines multiple physical interfaces into one or more logical interface. Why you may want to bond? Ti... Use this process if you would like full control of your backups, otherwise I advise you use the NRT Wrapper Method for an automated approach, - Centralized Backup & Restore of NetWitness Version 11.2+ (... Although the RSA NetWitness platform gives administrators visibility into system metrics through the Health & Wellness Systems Stats Browser, we currently do not have a method to see all storage / retention a... Hello. It may be a stupid question but I'm not a programmer. So, how can I compare two different types of meta in ESA Rule(EPL) statement. I need to compare string with string user_dst ... 22APR2020 - UPDATE: Naushad Kasu has posted a video blog of this process and I have posted the template.xml and NweAgentPolicyDetails_x64.exe files from his blog here. 08APR2020 - UPDATE: adding ... Hi, We are migrate and upgrade from 10.6.6 to 11.3, using ISO to boot, while entering the setup prompt have this error; "mount : special device /dev/VolGroup00/root does not exist cp: cannot stat... Hi Everyone I deploy RSA Netwitness 11.5 into my lab after that I change IP address on SA and component. Everything is fine, the only exception is I can't click on to event in Incident menu to see event d... Introduction
... My organization has decided to drop log support in RSA (don't ask why, it wasn't my idea). If I'm using RSA for a packet only solution, can I still connect to Active Directory for an identity feed? My unde... As a (network) engineer I am used to having serial console access to physical devices. I noticed this is not enables by default on RSA Netwitness appliances. Notr is it anywhere documented here on RSA Link. ... Is there a new version of Log Parser Tool in the roadmap? Actual version is 2 years old. RSA, a Dell Technologies business, announces the release of RSA® NetWitness Log Parser Tool v1.1 We commun... Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller. As more publ... I'm interested in learning what would be best practice for filtering false alerts. We have a nwfeed file from a threat intel provider that maps IPs, domains and emails to threat actors. An ESA alert is create... Many of you may be using a Pi-hole in your home labs, or even at the office. The issue is the logs are stored in a local text file and NetWitness does not support the logs. As many know DNS records are v... What is the difference between requirePri=false and snaplen=1514 in capture.device.params in Decoder config (DECODER->EXPLORE->decoder->config). When I add requirePri=false in that field, ... We have integrated the IBM IAM via syslog but there is no supported parser, appreciate if any one has this parser and can share it. Table of Contents
How is Ransomware Deployed?