Hi, may I know how can we import the IOC in Excel sheet into RSA Netwitness, and compare the Excel sheet with the current traffic in the RSA Netwitness to check whether the following IOC in Excel sheet is being ...

Hello All, We are in process to integrate DB2 with RSA netwitness 11.1. We checked the RSA integration document and found DB2 integration for windows and AIX is already supported. Can...

Date: 30 November, 2016 From: Tim Underhay (email@example.com) To: All Owners...

Hi All, We are facing issue in installing log decoder and log collector service on log decoder. We found that log collector service is missing on log decoder and while we tried to add it ma...

Dears, Does anyone know which trap OID we should use in legacy and global notification server settings for SNMP server. I am getting snmp traps in my SNMP server which is IBM Tivoli also k...

Hi all, We are using netwitness 11.1.0 but due to some log collection issue we were trying to remove and re-add the Log collector service in SA server. But now we are not able to add the log collector se...

Hi all, Facing some issue in VLC log forwarding. I found logs are not coming to log decoder and once I checked vlc then found vlc itself not sending logs and showing shovel failed on destination coll...

Upgrade from RSA SA 10.6.6 to NetWitness 11.3. I've run the backup script, and am getting the following error for 4 of my 18 machines, others are fine. 2019-09-10 18:32:47 +0100 | 29554 | Backing up ETC(/etc) ...

In previous versions of Netwitness Investigator 9.x, there was a debug mode made available for load times. After configuring for debug mode it is possible to find the load times of each meta value and the total l...

Is there no way to drop the behind sessions from being processed on the Concentrator? For instance, we can delete the rdq files from the Log Decoder. Is there no similar way on the Concentrator?

What exactly is Aggregate Hours? The description says - "the hours back to begin aggregation, the milliseconds between rounds of aggregation, and maximum number of sessions per aggregation round." W...

In upgrading from RSA SA 10.6.6 to NetWitness 11.3 - the downtime begins as soon as we run the backup script, right? We've got to stop the aggregation and processing of logs prior to executing backup. Also, the ...

Is there an alternative to setting up an external CentOS backup host for the backup procedure prior to migration to 11.3? I was informed that we can use the SA Head Unit as the backup host. Can this be done? ...

Just want to confirm a couple of points, and hopefully I have the right understanding! The Backup process for upgrading RSA SA 10.6.6 to RSA NetWitness 11.3 basically captures all the configuration for all RS...

The NetWitness Platform IDD team just added a new video for installing and configuring a Relay Server (How to Install and Configure an Endpoint Relay Server). See the NetWitness Platform Documentation page under Video...

Which ports do I need to open for collecting logs from windows servers? Far as I know it's 5985 or 5986, bi-directional, between the windows event source and rsa sa log collector. Do I also need to open port 80 or 44...

How can we include a metakey for storage on the Archiver? I see the device.host is not included. Unable to generate historical reports on this metakey. Also, when we query the Archiver for session size (in by...

Can we have multiple Concentrators aggregating from 1 Decoder? I hope this doesn't result in duplication of events? If we have let's say 2 Concentrators aggregate from a Decoder actively, only those events which haven...

Hi, If we look at winevent_nic parser and take 4732 event as example (User was added to group) then user who performed action is placed in user.dst meta and user which was added to group (new member) is placed to user....

Hi All, Can anyone explain how to add list while creating any rule? While creating a rule it's showing the error as shown below in attached snapshot.