  • Threat Intel Integration with MISP and Minemeld

    RSA NetWitness has a number of integrations with threat intel data providers but two that I have come across recently were not listed (MISP and Minemeld) so I figured that it would be a good challenge to see if they c...
    Eric Partington
    created by Eric Partington
  • Current API documentation?

    I've been struggling to find a copy of the API documentation. Any links I've been able to find are broken. Where can I locate it?
    Jacob Ruzi
    last modified by Jacob Ruzi
  • Easy-add Recurring Feeds

    In the past, I've seen a number of people ask how to enable a recurring feed from a hosting server that is using SSL/TLS, particularly when attempting to add a recurring feed hosted on the NetWitness Node0 server...
    Joshua Randall
    last modified by Joshua Randall
  • active directory user principal name

    active directory configuration
    Jouni Juntunen
    created by Jouni Juntunen
  • ESA Notification script broken in version 10.6.6.1

    If you use notification scripts as part of your ESA rules and recently migrated to version 10.6.6.1 you may have noticed that the output notification "script" is not working any more but no worries, the solution to th...
    Alejandro Negron
    last modified by Alejandro Negron
  • SAML and MFA

    Does NetWitness support SAML SSO authentication? With regards to Multi Factor Auth, are there other options aside from SecurID?   Thanks!
    Miguel Lallana
    last modified by Miguel Lallana
  • Contextualizing JA3 Fingerprints

    A couple years ago, a few smart folks over at Salesforce came up with the idea of fingerprinting certain characteristics of the "Client Hello" of the SSL/TLS handshake, with the goal to more accurately identify the cl...
    Joshua Randall
    last modified by Joshua Randall
  • Services on NW 11.x Admin Server

    Service: Admin Server; Command: service rsa-nw-admin-server restart; Log File Location: /var/log/netwitness/admin-server/admin-server.log; Purpose: The NetWitness Suite Administration Server (Admin server) is...
    Twinkle Lath
    last modified by Twinkle Lath
  • RSA Threat Content mapping with MITRE ATT&CK™

    Introduction to MITRE ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for enterprise is a framework which describes the adversarial actions or tactics from Initial Access (E...
    Prakhar Pandey
    last modified by Prakhar Pandey
  • Introducing the new Engineering Requests dashboard in the RSA Case Management portal

    One of the biggest commitments we at RSA make to our customers is to provide best-in-class security products that help manage digital risk.  Our goal is to do so with maximum reliability while also requiring mini...
    Anya Kricsfeld
    last modified by Anya Kricsfeld
  • Warehouse cluster down in 11.3

    Dear All, we have upgraded the RSA SA from 10.6.6 to 11.3. Post upgrade, we observed that the warehouseconnector service does not exist. The cluster IP is missing in the assignment. Due to this, my warehouse cluster is not avai...
    Shahnawaz Kohati
    created by Shahnawaz Kohati
  • Recommended max EPS for SA devices

    I can't seem to find any documentation, so I am turning to the community in hopes of finding some. I am in need of what the maximum recommended EPS is for all of the various SA devices. I realize this can...
    RSA Admin
    last modified by RSA Admin
  • Has anyone experienced queries not saving when constructing a rule?

    I am experiencing an issue that the "where" statements logic is not saving when I click save. I have never seen this issue before. As a result, the rules are returning no data. I validated that the rule works and that...
    Eric Schwartz
    last modified by Eric Schwartz
  • A new RSA NetWitness® Platform 11.3 documentation page is live!

    Today RSA Link implemented a new way of presenting documentation to help RSA NetWitness® Platform customers find the information they need quickly and easily. RSA NetWitness Platform 11.3 presents the documentati...
    Susan Ewald
    last modified by Susan Ewald
  • RSA NetWitness® Platform Versions

    Click on a link below to visit the page for each product version. RSA NetWitness® Logs & Network | RSA NetWitness® Investigator | RSA NetWitness® Endpoint | RSA NetWitness® Orche...
    RSA Link Team
    last modified by RSA Link Admin
  • CertificateNotYetValidException error when upgrade version on Netwitness

    I tried to install upgrade version 11.3.1.0 on the ESA server from the SA Server, but it always failed with this error. Below is from chef-solo.log. Any idea about this error? Note: the ntp.conf on SA Server always was c...
    Worapot Ruanngam
    created by Worapot Ruanngam
  • training access

    Is it just me or is it impossible to get to the RSA training sites? I saw a blog post about a great and new system. But every link points to a DELL system where any pointer to RSA Netwitness leads to err...
    Hugo Van Der Kooij
    last modified by Hugo Van Der Kooij
  • Retention Rules & Purge logs from Archiver

    Hello, I need to filter logs to be stored on Archiver. I need to discard any log from device ip 1.1.1.1 and any log from device type 'winevent_nic' and from the device type 'winevent_snare' just need to keep...
  • rpcnetp.exe

    I have the rpcnetp.exe file on 84 clients. On some clients, the IIOC score for the file is 400+. On some clients, the IIOC score is 10+. 1) Why is there a difference in the IIOC score for the exact same file?...
    T K Tan
    created by T K Tan
  • NetWitness Endpoint Analysis

    I am new to NetWitness Endpoint 4.4. I need some advice/pointers on analysis in NetWitness. Please point me to some guides or posts that can help me to do my analysis. Advice on how to score some low hanging frui...
    T K Tan
    created by T K Tan