• RSA NetWitness® Platform Versions

    Click on a link below to visit the page for each product version. RSA NetWitness® Logs & Network | RSA NetWitness® Investigator | RSA NetWitness® Endpoint | RSA NetWitness® Orche...
    RSA Link Team
    last modified by RSA Link Team
  • NetWitness Services List

    Hey NetWitness Users,      I recently received a pretty comprehensive listing of the various service names and locations of the NetWitness services!  I wanted to ensure I got this info out to the ...
    Robert Dredger
    last modified by Robert Dredger
  • Recently Published Knowledge Base Articles for RSA NetWitness® Endpoint

    Date Range: Sunday, April 7th -- Saturday, April 13th   Article Title Author Last Published Date 000037262 - Remote UI in RSA NetWitness Endpoint not returning any data for selected machines Michael Giuliano...
    RSA Link Team
    last modified by RSA Link Team
  • Recently Published Knowledge Base Articles for RSA NetWitness® Logs & Network

    Date Range: Sunday, March 31st -- Saturday, April 6th   Article Title Author Last Published Date 000035771 - Recurring Identity feed is not working when using the hostname or IP address of the Log Collector servi...
    RSA Link Team
    last modified by RSA Link Team
  • RSA NetWitness Working Groups

    RSA NetWitness Working Groups   RSA NetWitness Working Groups provide a mechanism for collaboration by the product team with our customers.  Working Groups are formed to address specific areas of the RS...
    Brian Dunphy
    last modified by William Hart
  • Recently Published Knowledge Base Articles for RSA NetWitness® Orchestrator

    Date Range:  Sunday, January 20th -- Saturday, January 26th   Article Title Author Last Published Date 000036240 - Why do I get an "Unauthorized" message when attempting to access the RSA NetWitnes...
    RSA Link Team
    last modified by RSA Link Team
  • RSA NetWitness WinRM Event Source Troubleshooting - PowerShell Script

    Matthew Bradley
    last modified by Matthew Bradley
  • Threat Detection Content Update - October 2018

    Summary: Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live, for retired content you'll need to manually remov...
    Rajas Save
    last modified by Rajas Save
  • Parsing Suricata JSON logs with NW

    To successfully parse Suricata JSON logs via syslog collector we need to use LUA parser in NetWitness Log Decoder. Suricata LUA parser in this example is mapping only specific fields from JSON logs to metakeys. In ca...
    Miha Mesojedec
    last modified by Miha Mesojedec
  • How to use non-root user to run root privilege commands in Netwitness server putty

    This document helps to allow non-root user to run root privilege commands without root password.   1. Login to Netwitness server putty as root user. 2. Create new user account using command useradd testin...
    Sravan Koneti
    last modified by Sravan Koneti
  • LogRhythm - RSA NetWitness Suite Integration Guide

    The 'NetWitness-LogRhythm' integration guide contains references on how to enable basic right-click functionality to pivot from LogRhythm to Netwitness via the Critical Start Plugin, how to forward Audit Logs, &a...
    Michael Dickerson
    last modified by Michael Wolff
  • Interpreting Regex for IP range

    This document outlines the procedure to interpret the regex used for IP range in EPL syntax.   {1,3} represents 3 digit number [0-9] represents range number starting from 0 to 9   [0-9]{1,3} represen...
    Sravan Koneti
    last modified by Sravan Koneti
  • Special Offer: RSA University On-Demand Subscriptions for the RSA NetWitness Platform

    Start your learning journey to Business-Driven Security with RSA University’s new On-Demand Subscription. This offering provides learners a flexible way to access the training they need when they need ...
    David Dewald Jr.
    created by David Dewald Jr.
  • Notepad++ Syntax Highlighting

    This might help some of you that write application rules in NWR format using Notepad++ to colorize some syntax elements of nwr files   GitHub - epartington/rsa_nw_nwr_notepadpp: NetWitness Apprule syntax highlig...
    Eric Partington
    last modified by Eric Partington
  • Proxy configuration validation for Netwitness

    Suppose, the proxy details configured using SA Cfg: HTTP Proxy Settings Panel  document. However, the Proxy test connection fails as CMS server was not reachable.  Then, Please run below command in SA ...
    Sravan Koneti
    last modified by Sravan Koneti
  • Services on NW 11.x Admin Server

    Service Command  Log File Location Purpose Admin Server service rsa-nw-admin-server restart /var/log/netwitness/admin-server/admin-server.log The NetWitness Suite Administration Server (Admin server) is...
    Twinkle Lath
    last modified by Twinkle Lath
  • Customer Ready RSA NetWitness Suite v11 presentation.pdf

    High level overview of new capabilities in RSA NetWitness Suite - including cloud and RSA Logs and Packets version 11 features.#
    Mary Roark
    last modified by Mary Roark
  • VLC Failover without using a third-party load balance solution

    VLC Configuration steps   A) On Each VLC do following steps:   1) Enable yum repositories on VLC’s. # vi /etc/yum.repos.d/CentOSBase.repo #set enable to 1   2) Install Keepalived on both VLC...
    Ishtiyaq Shah
    last modified by Ishtiyaq Shah
  • Archiver Configuration Guide for Version 10.6.5

    Sarala Sampath
    created by Sarala Sampath
  • RSA NetWitness Event Stream Analysis (ESA) Rules

    LB4-W04 - RSA NetWitness Suite ESA / EPL Hands-On Lab- (Advanced) Angela Stranahan - Software Principal Engineer, RSA   This lab will give participants working knowledge of Event Stream Analysis (ESA) within th...
    RSA Link Team
    last modified by RSA Link Team