• VLC Shovel Fail

    I deployed a new Log Decoder and added it to one of our VLCs but shovel is failing. The second LD added successfully. However, trying to find out why this particular LD shovel is failing. I cannot find a KB related t...
    Dwayne Fryer
    last modified by Dwayne Fryer
  • Retaining Archiver post Decommissioning

    Quick question – if I need to decommission the entire RSA NetWitness platform / servers, but still need access to Archiver logs for a certain duration, what all components will I have to keep alive?  ...
    Visham Rawat
    created by Visham Rawat
  • Raw logs and Meta from Archiver to Splunk

    We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform.   Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk. I’ve g...
    Visham Rawat
    last modified by Visham Rawat
  • Custom idle period for specific user

    I'm facing this problem on RSA NetWitness: I've to give a custom idle period to a specific user. I cannot find a way to set the idle individually. The only way according to the rsa_nw_11.3_sys_security_user_mgmt_gui...
    Simone Pizzini
    last modified by Simone Pizzini
  • Log Parser tool on Linux

    Currently the Log Parser Tool is built for Windows and Mac. Using Wine 4.x you can install and run the Log Parser tool on Linux (Mint and Ubuntu). To install and run the LPT on Linux you nee...
    Dave Glover
    last modified by Dave Glover
  • lost endpoint event alert details after 11.4 upgrade

    Hi folks, Looking for some guidance troubleshooting an issue that cropped up in a training NW Endpoint environment after upgrading from to 11.4. Looking at ...
    Eric Crawford
    created by Eric Crawford
  • File collection method to be used instead of Syslog collection method

    Task to accomplish: - Fortinet logs to be sent to log collector through file collection method (currently supported method is syslog). Require it to get parsed properly with file collection method like it is parsing t...
    Harshad Tuwar
    last modified by Harshad Tuwar
  • RSA Netwitness Logs and Network Product Information

    Hi,   Thank you for your question.   The NetWitness Logs and Packets is a previous product name we used for our platform, the databases and back-up features depend on the product version. What version/rele...
    Don Croad
    created by Don Croad
  • Unable to deploy ESA rule

    I get the following error while deploying the rule. I've checked the syntax and it says rule is valid. ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing me...
    Visham Rawat
    last modified by Visham Rawat
  • Difference between bytes, rbytes and bytes.src metakey

    I see bytes.src metakey is said to capture Bytes Sent. rbytes metakey is said to capture Bytes Received, and yet it is always empty. I do also see bytes metakey, the value of which is always greater than b...
    Visham Rawat
    last modified by Visham Rawat

    Hi Team,   Recently did the version upgrade of the RSA to, Would like to know whether we have the option to add the notes to all the incidents selected while bulk closing them together. Is there any opt...
    support soc
    last modified by support soc
  • Upgrading "New" v10.6.6 Log Gear to v11.2.0

    RSA, We just deployed some new log gear and I need assistance with getting this gear upgraded to v11.2.0. I have attempted to upgrade the devices with our v11.2.0 ISO and build stick but the issue comes into place wh...
    Dwayne Fryer
    last modified by Dwayne Fryer
  • No syslog collection option on the VLC

    The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.
    Visham Rawat
    last modified by Visham Rawat
  • Data Retention Scheduler best practices

    What are the best practices when using the Data Retention Scheduler for NW Packet decoders/concentrators? We typically set the retention to 30 to 90 days. The default for "Run" is every 15 minutes which seems quite lo...
    Richard van den Berg
    last modified by Richard van den Berg
  • RSA archer and NW compatibility

    I'm upgrading to RSA NW 11.3.1 from NW 11.2 and using RSA Archer V6.3. Is my RSA Archer V6.3 compatible with NW 11.3.1, or do I need to upgrade Archer also?
    Rahul Chauhan
    last modified by Rahul Chauhan
  • Palo Alto syslog format for RSA Netwitness

    I would like to know what syslog format Palo Alto sends to RSA Netwitness; by default I'm set to BSD, but in other SIEMs the syslog formats are (CEF or LEEF).
    Leandro Chistoni
    last modified by Leandro Chistoni
  • System Maintenance: /var/log drive is full

    Hello Guys, Good Day! In our environment we are facing /var/log drive full in one of log decoder. After du -sh * running come to know that drive is full due to cd/var/log/rabbitmq . ...
  • SA server not able to fetch node ID details

    Hi all, We are using NetWitness 11.1.0 but due to some log collection issue we were trying to remove and re-add the Log collector service in SA server. But now we are not able to add the log collector se...
    rajbir singh
    last modified by rajbir singh
  • Syslog Configuration

    Syslog integration: Dear Team, while integrating Syslog, port 514 is not being accepted in the syslog event source in our RSA env. Kindly support. Vijay Kumar Tumu 905...
    Siem sdc
    last modified by Siem sdc
  • Excel import to RSA Netwitness and compare it with the traffic

    Hi, may I know how we can import the IOCs in an Excel sheet into RSA Netwitness, and compare the Excel sheet with the current traffic in RSA Netwitness to check whether the following IOCs in the Excel sheet is being ...
    Xue YQ
    last modified by Xue YQ