Hello, I'm looking for a way to install NetWitness 11 demo system on VMware with limited resources, so I would be grateful for any suggestions how to do it properly. Is it possible to lower amount of ...

I deployed a new Log Decoder and added it to one of our VLCs but shovel is failing. The second LD added successfully. However, trying to find out why this particular LD shovel is failing. I cannot find a KB related t...

Quick question – if I need to decommission the entire RSA NetWitness platform / servers, but still need access to Archiver logs for a certain duration, what all components will I have to keep alive? ...

We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform. Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk. I’ve g...

I'm facing this problem on RSA NetWitness: I've to give a custom idle period to a specific user. I cannot find a way to set the idle individually. The only way according to the rsa_nw_11.3_sys_security_user_mgmt_gui...

Currently the Log Parser Tool is built for Windows and Mac. Using Wine 4.x you can install and run the Log Parser tool on Linux (Mint and Ubuntu). To install and run the LPT on Linux you nee...

Hi folks, Looking for some guidance troubleshooting an issue that cropped up in a training NW Endpoint environment after upgrading from 188.8.131.52 to 11.4. Looking at ...

Task to accomplish: - Fortinet logs to be sent to log collector through file collection method (currently supported method is syslog). Require it to get parsed properly with file collection method like it is parsing t...

Hi, Thank you for your question. The NetWitness Logs and Packets is a previous product name we used for our platform, the databases and back-up features depend on the product version. What version/rele...

I get the following error while deploying the rule. I've checked the syntax and it says rule is valid. ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing me...

I see bytes.src metakey is said to capture Bytes Sent. rbytes metakey is said to capture Bytes Received, and yet it is always empty. I do also see bytes metakey, the value of which is always greater than b...

Hi Team, Recently did the version upgrade of the RSA to 184.108.40.206. Would like to know whether we have the option to add the notes to all the incidents selected while bulk closing them together. Is there any opt...

RSA, We just deployed some new log gear and I need assistance with getting this gear upgraded to v11.2.0. I have attempted to upgrade the devices with our v11.2.0 ISO and build stick but the issue comes into place wh...

The syslog collection option isn't showing up for the remote log collector. Not sure why? The other 9 collection methods show, but syslog doesn't on the VLC.

What are the best practices when using the Data Retention Scheduler for NW Packet decoders/concentrators? We typically set the retention to 30 to 90 days. The default for "Run" is every 15 minutes which seems quite lo...

I'm upgrading to RSA NW 11.3.1 from NW 11.2 and using RSA Archer V6.3. Is my RSA Archer V6.3 compatible with NW 11.3.1 or do I need to upgrade Archer also?

I would like to know what syslog format Palo Alto sends to RSA NetWitness. By default I'm set to BSD, but in other SIEMs the syslog formats are (CEF or LEEF).

Hello Guys, Good Day! In our environment we are facing /var/log drive full in one of log decoder. After running du -sh * we came to know that the drive is full due to cd/var/log/rabbitmq . ...

Hi all, We are using NetWitness 11.1.0 but due to some log collection issue we were trying to remove and re-add the Log collector service in SA server. But now we are not able to add the log collector se...

I'm using version 11.2 but my VLC shows as 11.1 on host page, though they are already upgraded to 11.2. Need help?