• ESA Notification script broken in version 10.6.6.1

    If you use notification scripts as part of your ESA rules and recently migrated to version 10.6.6.1 you may have noticed that the output notification "script" is not working any more but no worries, the solution to th...
    Alejandro Negron
    last modified by Alejandro Negron
  • Services on NW 11.x Admin Server

    Service Command  Log File Location Purpose Admin Server service rsa-nw-admin-server restart /var/log/netwitness/admin-server/admin-server.log The NetWitness Suite Administration Server (Admin server) is...
    Twinkle Lath
    last modified by Twinkle Lath
  • RSA NetWitness® Platform Versions

    Click on a link below to visit the page for each product version. RSA NetWitness® Logs & Network | RSA NetWitness® Investigator | RSA NetWitness® Endpoint | RSA NetWitness® Orche...
    RSA Link Team
    last modified by RSA Link Admin
  • Recently Published Knowledge Base Articles for RSA NetWitness® Logs & Network

    Date Range: Sunday, September 22nd -- Saturday, September 28th   Article Title Author Last Published Date 000029623 - DAC script(NwArrayConfig.py) never completes after running in RSA NetWitness Platfor...
    RSA Link Team
    last modified by RSA Link Team
  • Recently Published Knowledge Base Articles for RSA NetWitness® Endpoint

    Date Range: Sunday, September 22nd -- Saturday, September 28th   Article Title Author Last Published Date 000030415 - Unable to save a local copy of a file in RSA ECAT Vincent Wareham 27 Sep 2019 000030...
    RSA Link Team
    last modified by RSA Link Team
  • Recover forgotten root password on CentOS 7

    Synopsis Normally resetting the root password is a simple task if you’re logged in already with root privileges, however if you forget the password and need to change it things become a little more difficult. Th...
    John Snider
    last modified by John Snider
  • Parsing Suricata JSON logs with NW

    To successfully parse Suricata JSON logs via syslog collector we need to use LUA parser in NetWitness Log Decoder. Suricata LUA parser in this example is mapping only specific fields from JSON logs to metakeys. In ca...
    Miha Mesojedec
    last modified by Miha Mesojedec
  • Centralized Backup & Restore of NetWitness Version 11.2+  (A Wrapper Script for NRT)

    Scenario You need to remotely backup your NetWitness hosts to a central location, to satisfy Disaster Recovery Requirements, perform a Tech Refresh, or to be prepared for RMA replacement of a device. Solution – ...
    John Snider
    last modified by John Snider
  • Refresh ESA Meta Key Schema

    Some customers have seen issues with their Meta Key References (meta key schema) after an upgrade of the ESA service. In the following screenshot, we see a clean version of the meta key schema -- however, in your envi...
    Naushad Kasu
    last modified by Naushad Kasu
  • Consolidating your backups and maximizing NRT (NetWitness Recovery Tool)

    Changes are inevitable and no one knows when a restore is going to be needed.  Today backup and restore processes  are standard, required, and are part of nearly all basic deployment strategies.  W...
    Thomas Jones
    last modified by Thomas Jones
  • Creating and using an external repo in 11.x

    Scenario - Due to a slow or unstable WAN link between host(s) and the NW Admin Server (node-zero) host, installs and/or upgrades are failing to complete successfully. Solution – External Repo Create an extern...
    John Snider
    last modified by John Snider
  • SNMP with Netwitness Appliances – Put it all together 11.x

    Scenario – You or your customer would like to link SNMP to the Netwitness for system monitoring purposes (Solarwinds, Nagios, etc.).   Why SNMP? SNMP is an “agentless” method of monitoring netw...
    Thomas Jones
    last modified by Thomas Jones
  • RSA NetWitness Working Groups

    RSA NetWitness Working Groups   RSA NetWitness Working Groups provide a mechanism for collaboration by the product team with our customers.  Working Groups are formed to address specific areas of the RS...
    Brian Dunphy
    last modified by Guy Williams
  • NetWitness Services List

    Hey NetWitness Users,      I recently received a pretty comprehensive listing of the various service names and locations of the NetWitness services!  I wanted to ensure I got this info out to the ...
    Robert Dredger
    last modified by Robert Dredger
  • Recently Published Knowledge Base Articles for RSA NetWitness® Orchestrator

    Date Range:  Sunday, January 20th -- Saturday, January 26th   Article Title Author Last Published Date 000036240 - Why do I get an "Unauthorized" message when attempting to access the RSA NetWitnes...
    RSA Link Team
    last modified by RSA Link Team
  • RSA NetWitness WinRM Event Source Troubleshooting - PowerShell Script

    Matthew Bradley
    last modified by Matthew Bradley
  • Threat Detection Content Update - October 2018

    Summary: Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live, for retired content you'll need to manually remov...
    Rajas Save
    last modified by Rajas Save
  • How to use non-root user to run root privilege commands in Netwitness server putty

    This document helps to allow non-root user to run root privilege commands without root password.   1. Login to Netwitness server putty as root user. 2. Create new user account using command useradd testin...
    Sravan Koneti
    last modified by Sravan Koneti
  • LogRhythm - RSA NetWitness Suite Integration Guide

    The 'NetWitness-LogRhythm' integration guide contains references on how to enable basic right-click functionality to pivot from LogRhythm to Netwitness via the Critical Start Plugin, how to forward Audit Logs, &a...
    Michael Dickerson
    last modified by Michael Wolff
  • Interpreting Regex for IP range

    This document outlines the procedure to interpret the regex used for IP range in EPL syntax.   {1,3} represents 3 digit number [0-9] represents range number starting from 0 to 9   [0-9]{1,3} represen...
    Sravan Koneti
    last modified by Sravan Koneti