• Meta/Parser

    Hi. I need to create a new goal that can extract a message contained within the "application / json" metadata. It's possible? content = "application / json"
    Maykon Junior Pinto
    last modified by Maykon Junior Pinto
  • A10 SSL device integration to SIEM

    I want to integrate the A10 SSL device logs to RSA SA is there any way to do that??
    Nijo David
    last modified by Nijo David
  • custom inject log report

    Dear All,   I have injected custom logs under RSA SA for some old dates and trying to run report on the same using "event_time" meta. Once logs uploaded, i can view current time in "time" meta and old time in "...
    Shahnawaz Kohati
    last modified by Shahnawaz Kohati
  • Integración del SIEM Qradar con RSA Archer 6.x / Integration of SIEM Qradar with RSA Archer 6.x

    Buen día!   Alguien tiene conocimiento o una guía sobre la integración del SIEM Qradar con RSA Archer 6.x   Saludos cordiales.   -----------------------------------------------------...
    Ricardo Hernandez
    last modified by Ricardo Hernandez
  • Help Us Help You: Using the Virtual Media function on iDRAC 6, 7, 8 and 9

    Help Us Help You: Using the Virtual Media function on iDRAC 6, 7, 8 and 9   Dell Technical Support has a great article on using the virtual media function in the iDRAC 6, 7, 8 and 9. This is often very useful wh...
    Jonathan Saxon
    created by Jonathan Saxon
  • SQL SERVER BEST PRACTICE LOG COLLECT

    Hello,   I'm trying to configure sql servers to send logs into RSA. Please can anyone share the experience which is the best recommanded way to do it ? The documents are just a bit confusing to me: File (ERRORLO...
    Ornaldo Naqellari
    last modified by Ornaldo Naqellari
  • Exporting and Re-Injecting Logs and Maintain Original Date/Time

    There are times when you would like to export data from a log decoder and then re inject it into a new log decoder.   Typically you would do this through the investigator interface, save the file and then upload...
    Dave Glover
    last modified by Dave Glover
  • Disable Data Reconstruction

    Hi,   Does anyone has a solution to disable the data reconstruction feature as it is not mentioned in any guide?   Investigation: Reconstruct an Event    Br, Maroun Slim
    Maroun Slim
    last modified by Maroun Slim
  • Account rights for Active Directory Enrichment

    I have been looking at setting up Active Directory as an enrichment source for my context hub.  The documentation discusses needing an account, but does not identify the set of rights the account needs within AD ...
    Dion Stempfley
    last modified by Dion Stempfley
  • FireEye CMS Log Parsing

    We are trying to import logs from FireEye Central Management System (CMS).  One of the logging formats for FE CM is Common Event Format (CEF).  Has anybody configured custom cef parsing for this de...
    Dion Stempfley
    last modified by Dion Stempfley
  • Interesting DNS Tunneling Content

    The Domain Name Service (DNS) allows machines to convert human readable domain names like google.com into their machine addresses.   In this post, I talk about how DNS tunneling works and present some content th...
    Matthew Tharp
    last modified by Matthew Tharp
  • Monitoring RSA SA components via snmp

    So, we've got SNMP Settings under Legacy Notifications, where we've configured the address of our network monitoring tool, Solarwinds.   My question is, once this is setup, will snmp traps be sent to report on ...
    Visham Rawat
    created by Visham Rawat
  • Raw logs and metadata storage and flow

    I just wanted a clearer understanding of the flow of raw logs and metadata and how and where they're stored within the RSA SA architecture componentry. My current understanding is, the raw logs are sent via the VLCs...
    Visham Rawat
    last modified by Visham Rawat
  • An error occurred publishing to an AMQP channel: : a socket error occurred

    Hello,   Please help me in resolving this error   Dec 18 14:36:15 NWAPPLIANCE24603 nw[11976]: [AMQPClientBase] [failure] An error occurred creating an AMQP channel: : a socket error occurred Dec 18 14:36:1...
    Moses Fernandes
    last modified by Moses Fernandes
  • Error! 401/Unauthorized. Possible causes: - Invalid credentials

    Hello, I'm  facing a problem today with two of my servers that are not in domain. The password and the username of the local user we are using is OK. Attach are the setting of event sources i have configured. &...
    Ornaldo Naqellari
    last modified by Ornaldo Naqellari
  • Windows PowerShell Transcription Logs

    How to forward the Windows PowerShell Transcription Logs which is stored locally on the AD server or which are stored on a centralised server to RSA netwitness 
  • Netwitness use cases from Dell's cyber-incident

    It would be interesting to use this example to promote Netwitness and show how the different Netwitness modules (endpoint, ueba and core siem) were able to make a difference in this incident compared to other tools. &...
    Marinos Roussos
    last modified by Marinos Roussos
  • RSA Live ESA Rule is not sending emails

    Hello, We have two RSA Live Rules: Detects Firewall Configuration Changes & Detects Router Configuration Attempts. The syntax is like below: For Routers: /* Version: 3 */   module Module_esa000069;  ...
    Ornaldo Naqellari
    last modified by Ornaldo Naqellari
  • Netwitness 11.2 - ESA Rules

    Hi, we are now configuring netwitness 11.2 and on "ESA rules" tab under "Configure" we have no rules yet. I was wondering if there is a set of baseline rules that can be implemented instantly, instead of  addi...
    Adi Shraga
    last modified by Adi Shraga
  • Help Us Help You: Full Filesystem on RSA NetWitness Appliance.

    Help Us Help You: Full Filesystem on RSA NetWitness Appliance.   Should you encounter a full filesystem on RSA Netwitness appliance it is helpful to tell us which filesystem(s) are full when you open the case....
    Jonathan Saxon
    created by Jonathan Saxon