• RSA Upgrade

    We have two RSA solution in DC and DR and we are planning to upgrade DC RSA first after one week we will go to DR RSA.  In this case DC RSA first then DC RSA(11.2.1.1) will communicate DR RSA (10....
    Ved Shar
    created by Ved Shar
  • Group Policy

    I need to create use case for group policy change in AD server. Please suggest on this.
    Ved Shar
    last modified by Ved Shar
  • Patch Auditing With RSA Endpoint

    Is there an easy way to check which Microsoft KB's are installed using the RSA Endpoint agents? I can see installed Windows Patches under System Information in Hosts for a specific device, but I can't seem to find a w...
    Michail Piskoun
    last modified by Michail Piskoun
  • Meta count (>100000 - X%)

    I want to know the exact (event logs) count for a particular metakey-value.   Now, as per my understanding for the 'Event Outcome' metakey, the (event logs) count for the 'failure' metavalue is 37,003 eve...
    Visham Rawat
    last modified by Visham Rawat
  • Edit a Parsed meta value and remove unwanted data

    I need to edit a parsed meta value and remove an unwanted data from the parsed data.can some one help me with this.   example:-   raw log value:- obj = getval "nijo.d@xxxx.com"    meta par...
    Nijo David
    last modified by Nijo David
  • No syslog collection option on the VLC

    The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.
    Visham Rawat
    last modified by Visham Rawat
  • Installation RSA netwitness 11

    Hello All,   I have a issue to install rsanwserver in version 11 in virtual world (vmware), the error appear about orchestration-server who not start at installation process log on intsallation :   Error n...
    Ange Olivier Ambemou
    last modified by Ange Olivier Ambemou
  • McAfee ePO antivirus threat event logs to RSA SA

    Hi,   I've integrated McAfee ePO 5.9.1 via ODBC to RSA SA. I'm receiving logs as well. However, on closer inspection, what I've noticed is that only ePO administrative event logs are being sent to SA. I'm ...
    Visham Rawat
    last modified by Visham Rawat
  • Latest NetWitness Investigator Freeware Client

    Welcome NetWitness Fans! In case you have not heard we just posted the latest revision of the NetWitness Investigator Freeware client. This is also an update to the Security Analytics 10.5 enterprise client to ...
    William Hart
    last modified by William Hart
  • Exclude the value for a meta

    obj.name= "WO0000000980344ganeshkarthick.s@xxxx.com"   how to exclude the work order "WO0000000980344" and get the email address alone from this meta. I have a requirement to write a rule with the email add...
    Nijo David
    last modified by Nijo David
  • REST API to CSV

    Hi all,   I've created the attached script, which I believe might be useful in certain circumstances. Mostly what it accomplishes can also be done by the Reporting and Alerting capabilities in SA/NextGen.  ...
    Rui Ataide
    last modified by Rui Ataide
  • Help Us Help You: Login Banner Line Breaks Not Rendering Properly

    Help Us Help You: Login Banner Line Breaks Not Rendering Properly.   When you enter text into the Login Banner in the NetWitness 11.x system you will notice that line breaks are not rendered automatically.  ...
    Jonathan Saxon
    last modified by Jonathan Saxon
  • IPV6

    Hi,   does RSA Netwitness For Logs and Packets supports IPV6? if yes, is it possible to change the IP for all devices (SA, Hybrid for logs, hybrid for packets, archiver, ESA, VLC and WLC) from IPv4 to ...
    Maroun Slim
    created by Maroun Slim
  • How to update an existing parser meta??

    Hi All,   We have integrated an O365 device in our SA. We are receiving the logs for the same. But for few the logs are not getting parsed and so the metas are not fully created. how to update an existing parser...
    Nijo David
    last modified by Nijo David
  • Meta/Parser

    Hi. I need to create a new goal that can extract a message contained within the "application / json" metadata. It's possible? content = "application / json"
    Maykon Junior Pinto
    last modified by Maykon Junior Pinto
  • A10 SSL device integration to SIEM

    I want to integrate the A10 SSL device logs to RSA SA is there any way to do that??
    Nijo David
    last modified by Nijo David
  • custom inject log report

    Dear All,   I have injected custom logs under RSA SA for some old dates and trying to run report on the same using "event_time" meta. Once logs uploaded, i can view current time in "time" meta and old time in "...
    Shahnawaz Kohati
    last modified by Shahnawaz Kohati
  • Integración del SIEM Qradar con RSA Archer 6.x / Integration of SIEM Qradar with RSA Archer 6.x

    Buen día!   Alguien tiene conocimiento o una guía sobre la integración del SIEM Qradar con RSA Archer 6.x   Saludos cordiales.   -----------------------------------------------------...
    Ricardo Hernandez
    last modified by Ricardo Hernandez
  • Help Us Help You: Using the Virtual Media function on iDRAC 6, 7, 8 and 9

    Help Us Help You: Using the Virtual Media function on iDRAC 6, 7, 8 and 9   Dell Technical Support has a great article on using the virtual media function in the iDRAC 6, 7, 8 and 9. This is often very useful wh...
    Jonathan Saxon
    created by Jonathan Saxon
  • SQL SERVER BEST PRACTICE LOG COLLECT

    Hello,   I'm trying to configure sql servers to send logs into RSA. Please can anyone share the experience which is the best recommanded way to do it ? The documents are just a bit confusing to me: File (ERRORLO...
    Ornaldo Naqellari
    last modified by Ornaldo Naqellari