When accessing the RESTful API as described in SDK Commands I was used to seeing the /sdk form as displayed on page 15 of that PDF: However, in 22.214.171.124 the form is no longer there. Only the static links shown on p...

Is it possible to restrict the ability to view groups of hosts in NetWitness endpoint by permissions? I.e. Analyst A is only allowed to see hosts that are assigned to USA, Analyst B are allowed to see hosts in the EME...

Is anyone else having issues finding expected meta from the HTTP_lua parser? Particularly I'm concerned that the latest version of the parser may not be parsing out these pieces of meta <below> but there...

I'm working on a packet parser that I could use some Community help with. Essentially I'm trying to find a token and then register that token as meta in an existing key. Additionally, if more than one token is found ...

I have made a host entry on the NetWitness endpoint server for the relay server but the platform is not resolving it from the UI, although it perfectly resolves from the CLI.

What are the best practices when using the Data Retention Scheduler for NW Packet decoders/concentrators? We typically set the retention to 30 to 90 days. The default for "Run" is every 15 minutes which seems quite lo...

During a recent customer engagement, I found the "customtcp shell" meta with some very interesting sessions. All of the traffic was using what appeared to be custom encryption and the destination IP was based in...

Over the past year, I have posted multiple blogs whereby I perform APT (Advanced Persistent Threat) emulation and analyse the forensic footprint left behind after the attack using the NetWitness platform. In this post...

I was doing some hunting through our lab traffic today and came across some strange looking traffic, it turned out to be Rui Ataide playing around with a new DNS C2. It is named WEASEL and can be found ...
What compression ratios do the different levels of meta.compression.level and packet.compression.level effectively translate to with the different packet.compression and meta.compression values? I.e. if w...

Click on a link below to visit the page for each product version. RSA NetWitness® Logs & Network | RSA NetWitness® Investigator | RSA NetWitness® Endpoint | RSA NetWitness® Orche...

Hello everyone! The Team here surged with a question regarding the possibility to check on NetWitness whether or not there is duplicated Traffic. It is more like, using NetWitness to point Network maps being ob...

Hello. Is there a way to limit the individual size of the logs that NetWitness 11.2 collects? Thanks.

Dear ! As far as I know, the meta key display will be 256 characters, is there any way to expand it or not?

I'm upgrading to RSA NW 11.3.1 from NW 11.2 and using RSA Archer V6.3. Is my RSA Archer V6.3 compatible with NW 11.3.1 or do I need to upgrade Archer also?

We are seeing a lot of sessions come through with Brotli compression. Are there any thoughts about uncompressing this traffic so that the NetWitness parsers can leverage the uncompressed packet? Notice the ...

I have recently been posting a number of blogs regarding the usage of the RSA NetWitness Platform to detect attackers within your environment. As the list of the blogs grow, it is becoming increasingly difficult to nav...

Health and Wellness leverages RabbitMQ to be able to collect the actual status of any components of the RSA NetWitness platform. After changing an IP on a component the Health and Wellness keep communicating...

In NetWitness endpoint, I deployed the Endpoint bundle pack to ESA, I was surprised to find that there wasn't an alert generated when a process dump file was created. Is there an alert within RSA live to ale...

I am running NetWitness version 126.96.36.199 and was trying to set up collecting and reporting on CAS logs into the SIEM. We are collecting exchange server logs. Is there a way to do this?