I’m having trouble with a few fields while using the native parser of Arbor Peakflow SP. I have created a few Log Parser Rules but as noted, they do not override any meta that has already been parsed in the orig...

Lately I have been using the sftpagent quite a bit for moving log files to NetWitness. I have been running into the same issue on installs recently. The issue happens on the first sftpagent agent co...

Hello All, We have Windows server integrated on VLC using winrm and we are facing some issue in log collection time. We have checked raw event log and found there is huge gap in event...

Hi, What is the meaning of - in front of the values? Please help. Thanks!

I am using Netwitness 10.6. During the install it says I will have to update disk space. I have added a disk to the Virtual host for my LogDecoder. Where does LogDecoder store log files?...

I'm sure many have heard about the recent DNS vulnerability titled SIGRed. This one looks pretty bad. https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-...

I use the TheHive - https://thehive-project.org/ as our Incident Case management tool of choice. I've started the investigation process of integrating NetWitness and the TheHive together for alerts and recording...

We have a number of endpoints that exist in DMZ environments that are serviced by a VLC for log collection from syslog devices. The hosts in the DMZ can only talk to the VLC and cannot talk back to any other NetWitne...

I have a VM deployment scenario for logs and packets in Azure. I'm not able to design a scenario well to reflect on the correct implementation of this machine in Azure. If anyone can help me get an idea, I'd appr...

Hi Team, A quick heads up for those installing NetWitness Endpoint agent on CentOS 6. If you are using prelink process within the host, you might need to disable it to improve stability of the endpoint agent a...

I have created a few "how to videos" that I hope you find helpful. They are posted to YouTube and I have included the links below. They are as follows: Demo of the new ESI tool -->https://yout...

All, New user question. I am using nxlog to send windows event logs to netwitness. I see that the data is being sent. I am not sure about the difference between the local collector and the decode...

After setting up UEBA You need to make sure you are collecting the following Event IDs from Hosts as well as Network Events Active Directory Model -> device.class = 'windows hosts' && referenc...

Hi Sir/Madam, I want to integrate Active Directory with Netwitness. I know I can add AD in context hub service. But what I want is sending AD Audit logs to Log decoder. I can't find such a thing in Internet. C...

Hello all, We're currently using version 11.1 of RSA NW and in the Incidents rule we have a new aggregation value that's handy: "Destination User Account". In the past, we've been having problems creat...

Hi, We use RSA Netwitness 11.3 version and we have a requirement to create a dashboard to display the status of existing incidents created by our SOC Staff. Is this possible? If yes, please guide how to create the das...

How could I create an alert for an attempt to access ports 389 and 636 by someone using the anonymous user? How could I alert an attempt to access ports 389 and 636 where someone would ...

With the increase in demand for working remotely and limitations around travel it’s never been more important to have secure, reliable, remote access to your RSA NetWitness Platform. For our customers who ...

During Forensic investigation using RSA/NetWitness system, one often needs to save raw packet data and meta values from particular interested sessions into pcap or xml/JSON files before the captured data is rolled out ...

Hello Everyone, I am looking for below queries on packet data. Can anyone help me please? 1. Longest sessions 2. Top attachment sizes. Thank You. Regards, Amjad.