Skip navigationLog in to follow, share, and participate in this community. The NetWitness Platform IDD team just added a new video for installing and configuring a Relay Server (How to Install and Configure an Endpoint Relay Server). See the NetWitness Platform Documentation page under Video... New video for installing and configuring an Endpoint Relay Server
BackWhich ports do I need to open for collecting logs from windows servers? Far as I know it's 5985 or 5986, bi-directional, between the windows event source and rsa sa log collector. Do I also need to open port 80 or 44... Ports for Windows server log collection
BackHow can we include a metakey for storage on the Archiver? I see the device.host is not included. Unable to generate historical reports on this metakey. Also, when we query the Archiver for session size (in by... Can we have multiple Concentrators aggregating from 1 Decoder? I hope this doesn't result in duplication of events? If we have let's say 2 Concentrators aggregate from a Decoder actively, only those events which haven... 1 Decoder to Multiple Concentrators
BackHi If we look at winevent_nic parser and take 4732 event as example (User was added to group) than user who perfromed action is placed in user.dst meta and user which was added to group (new member) is placed to user.... Sources and Destinations metas logic
BackHi All, Can anyone explain, how to add list while creating any rule? while creating a rule its showing the error as shown below in attached snapshot . We have two RSA solution in DC and DR and we are planning to upgrade DC RSA first after one week we will go to DR RSA. In this case DC RSA first then DC RSA(11.2.1.1) will communicate DR RSA (10.... I need to create use case for group policy change in AD server. Please suggest on this. Is there an easy way to check which Microsoft KB's are installed using the RSA Endpoint agents? I can see installed Windows Patches under System Information in Hosts for a specific device, but I can't seem to find a w... Patch Auditing With RSA Endpoint
BackI want to know the exact (event logs) count for a particular metakey-value. Now, as per my understanding for the 'Event Outcome' metakey, the (event logs) count for the 'failure' metavalue is 37,003 eve... Meta count (>100000 - X%)
Back- The password for deploy_admin user should be same across all appliances. - This user is used to connect rabbitmq, few mongo db tables(more or like guest user in 10.x version) - If you change the deploy_admin ... Important information on user "deploy_admin" in NW 11.0
BackI need to edit a parsed meta value and remove an unwanted data from the parsed data.can some one help me with this. example:- raw log value:- obj = getval "nijo.d@xxxx.com" meta par... Edit a Parsed meta value and remove unwanted data
BackThe syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC. No syslog collection option on the VLC
BackHello All, I have a issue to install rsanwserver in version 11 in virtual world (vmware), the error appear about orchestration-server who not start at installation process log on intsallation : Error n... Installation RSA netwitness 11
BackHi, I've integrated McAfee ePO 5.9.1 via ODBC to RSA SA. I'm receiving logs as well. However, on closer inspection, what I've noticed is that only ePO administrative event logs are being sent to SA. I'm ... McAfee ePO antivirus threat event logs to RSA SA
BackWelcome NetWitness Fans! In case you have not heard we just posted the latest revision of the NetWitness Investigator Freeware client. This is also an update to the Security Analytics 10.5 enterprise client to ... Latest NetWitness Investigator Freeware Client
Backobj.name= "WO0000000980344ganeshkarthick.s@xxxx.com" how to exclude the work order "WO0000000980344" and get the email address alone from this meta. I have a requirement to write a rule with the email add... Exclude the value for a meta
BackHi all, I've created the attached script, which I believe might be useful in certain circumstances. Mostly what it accomplishes can also be done by the Reporting and Alerting capabilities in SA/NextGen. ... Help Us Help You: Login Banner Line Breaks Not Rendering Properly. When you enter text into the Login Banner in the NetWitness 11.x system you will notice that line breaks are not rendered automatically. ... Help Us Help You: Login Banner Line Breaks Not Rendering Properly
BackHi, does RSA Netwitness For Logs and Packets supports IPV6? if yes, is it possible to change the IP for all devices (SA, Hybrid for logs, hybrid for packets, archiver, ESA, VLC and WLC) from IPv4 to ...
