I have a list of IOC IPs and want to stand up a rule and alert. Does anyone know where I can find information on this process? I'm a VERY green n00b who starts training next month. Thanks

I'm trying to reduce an xfs partition. Unfortunately, when I try to create packet of the metadb/packetdb/index, etc the xfsdump is not installed. Is there any way that I can create backup and then export da...

In order to defend their network effectively, analysts need to understand the threat landscape, and more specifically how individual threats present themselves in their tools. With that in mind, I started researching ...

We recently upgraded from NetWitness 10.6.6 to 11.3. Several rules got disabled during the upgrade and they no longer work. I suppose it is mainly because directory meta changed type from string to string, so that i...

Hi all, I'm new with NW and I have a couple of basic questions. I'm trying to deploy NW on AWS so, for now, I succeeded in installing and logging in to the NW platform using the Lite Version. Q: How can I get the ful...

I need to gather data about the utilization of our NetWitness 11. Has anybody created reports that provide numbers of sessions, logs, packets, bandwidth, etc. captured by the decoders? /D

To successfully parse Suricata JSON logs via syslog collector we need to use LUA parser in NetWitness Log Decoder. Suricata LUA parser in this example is mapping only specific fields from JSON logs to metakeys. In ca...

I need to prepare a VM on Azure and I am unsure what settings for this environment. Does anyone have any suggestions? It will be a VM Log Hybrid, 1000 EPS, with maximum storage of 3 days of information.

Hello all, Could you help? We need to set filtering on packet decoder. In Decoder Configuration on Adapter we set Berkeley Packet Filter. But we don't see the decrease of incoming traffic. Could you help -...
Hi All, We have recently moved to v18.104.22.168 on NetWitness and I am trying to use the default Event Source monitoring to send syslog to one of our decoders when a device is inactive for a certain period of time...

A couple of days ago on GitHub, Hackndo released a tool (https://github.com/Hackndo/lsassy) that is capable of dumping the memory of LSASS using LOLBins (Living off the Land Binaries) - typically we would see attackers...

I'm trying to do the integration (Archer/NetWitness), I'm following the guide that is provided in the official site, but I'm stuck in the part that I need to create a custom feed, when I'm in the "define columns" ta...

Hi Team, Recently did the version upgrade of the RSA to 22.214.171.124, Would like to know whether we have the option to add the notes to all the incidents selected while bulk closing them together. Is there any opt...

Date Range: Sunday, December 22nd -- Saturday, December 28th
Article Title | Author | Last Published Date
000038245 - Unable to export Application Rules in RSA NetWitness Platform 11.x when there are more than...

Date Range: Sunday, December 22nd -- Saturday, December 28th
Article Title | Author | Last Published Date
000029763 - RSA NetWitness Endpoint RSA Live configuration error, Could not establish trust relationshi...

I just updated to 126.96.36.199 from 188.8.131.52. One of my hosts is stuck on 'rebooting'. It will time out after a while. When trying to reboot from the GUI nothing happens on the host and the status of 'rebooting' will jus...

Overview
To ISO or Not to ISO
VM Host Sizing
Raw Event Data Storage
Validate Folder Sizes - RSA NetWitness Platform Databases
Validate Thresholds - MongoDB
Minimu...

When running the following command on my endpoint log hybrid, it fails with the subsequent errors. chef-solo --no-color --logfile "/var/log/netwitness/config-management/chef-solo.log" --format doc --config /var...

Dears, can someone provide me with the SA stencils?

Hello all, Recently, I configured a new custom parser for a customer, and successfully modified all index-concentrator-custom, index-logdecoder-custom and table-map-custom files, across three separate co...