• Expand the display of the meta key

    Dear !  As far as I know, the meta key display will be 256 characters, is there any way to expand it or not?  
    chien nguyen
    last modified by chien nguyen
  • RSA archer and NW compatibility

    I'm upgrading to RSA NW 11.3.1 from NW 11.2 and using RSA Archer V6.3. Is my RSA Archer V6.3 compatible with NW 11.3.1, or do I need to upgrade Archer also?
    Rahul Chauhan
    last modified by Rahul Chauhan
  • Brotli compression

    We are seeing a lot of sessions come through with Brotli compression.   Are there any thoughts about uncompressing this traffic so that the Netwitness parsers can leverage the uncompressed packet? Notice the ...
    Paul Calamari
    last modified by Paul Calamari
  • Profiling Attackers Series

    I have recently been posting a number of blogs regarding the usage of the RSA NetWitness Platform to detect attackers within your environment. As the list of the blogs grows, it is becoming increasingly difficult to nav...
    Lee Kirkpatrick
    last modified by Lee Kirkpatrick
  • Health & Wellness uses an old IP for connecting to a device - How to Resolve

    Health and Wellness leverages RabbitMQ to be able to collect the actual status of any components of the RSA Netwitness platform. After changing an IP on a component the Health and Wellness keeps communicating...
    Xavier Trepanier-Taupier
    last modified by Xavier Trepanier-Taupier
  • NWE: Alert when process dump created

    In NetWitness endpoint, I deployed the Endpoint bundle pack to ESA, I was surprised to find that there wasn't an alert generated when a process dump file was created.   Is there an alert within RSA live to ale...
    Jeremy Kerwin
    created by Jeremy Kerwin
  • How do you set up Windows Exchange server CAS logs to NetWitness?

    I am running NetWitness version and was trying to set up collecting and reporting on CAS logs into the SIEM. We are collecting exchange server logs. Is there a way to do this?
    Eric Schwartz
    created by Eric Schwartz
  • Amazon Detective and RSA NetWitness Platform Integration

    Amazon Detective is an Amazon Web Services (AWS) threat hunting platform (pre-release at the time of this writing) that offers a deep, cloud-native view of AWS resource data and history, optionally in the context of a...
    Mitch Hanks
    last modified by Mitch Hanks
  • Using RSA NetWitness to Detect Command and Control: PoshC2 v5.0

    Command and Control platforms are constantly evolving. In one of my previous blog posts, I detailed how to detect PoshC2 v3.8:   Using RSA NetWitness to Detect Command and Control: PoshC2   Since then, Net...
    Lee Kirkpatrick
    created by Lee Kirkpatrick
  • Serial console on hardware appliances

    As a (network) engineer I am used to having serial console access to physical devices.   I noticed this is not enabled by default on RSA Netwitness appliances. Nor is it anywhere documented here on RSA Link. ...
    Hugo Van Der Kooij
    last modified by Hugo Van Der Kooij
  • 10.6 to 10.6.6 to 11 HDD Space requirement

    Hi RSA Team,   Just had a quick general question. I'm upgrading a client from 10.6 to 10.6.6 then 10.6.6 to 11.x. I'm wondering if I can run the backup script to determine the amount of space needed so I can tell ...
    Patrick McLean
    last modified by Patrick McLean
  • XML log file integration into Netwitness

    Hi, Is there any guide regarding XML log file integration into the Netwitness (integration, parsing etc..)?   Regards
    Petar Nikovic
    created by Petar Nikovic
  • Packet decoder, finding who is sending the most amount of traffic

    I'm trying to find and filter out large talkers through the packet decoder that could help in reducing our license usage.   What's the best way to find these large talkers on the decoder? Thanks. 
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Alerting on Active Directory group name

    I'm trying to work on alerting to changes to groups in Active Directory like the Domain Admins group. I can see the event in investigate, I can also see the group name 'Domain Admins' is in the event, but I noticed t...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Creating a simple ESA rule

    Sorry for such a simple question. I had a simple ESA rule that was working prior to upgrading to but now it's not triggering anymore and gives an error about an incorrect use of an OR clause or something to...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Palo Alto syslog format for RSA Netwitness

    I would like to know what syslog format Palo Alto sends to RSA Netwitness. By default I have set BSD, but in other SIEMs the syslog formats are (CEF or LEEF).
    Leandro Chistoni
    last modified by Leandro Chistoni
  • System Maintenance: /var/log drive is full

    Hello Guys,   Good Day!   In our environment we are facing /var/log drive full in one of log decoder.   After running du -sh * we came to know that the drive is full due to cd/var/log/rabbitmq . ...
  • Endpoint datastore location

    Much like with the packetdb, sessiondb, metadb, index etc. Where is the data stored for the Endpoint server or client scans? I want to make sure that it's on a partition that has enough space for the client scan dat...
    Jeremy Kerwin
    created by Jeremy Kerwin
  • SA server not able to fetch node ID details

    Hi all,    We are using netwitness 11.1.0 but due to some log collection issue we were trying to remove and re-add the Log collector service in SA server. But now we are not able to add the log collector se...
    rajbir singh
    last modified by rajbir singh
  • NWE Windows DNS Analytics Logs

    Hi All, With the ability of NWE being able to ship Windows Event Log sources to NetWitness, does that mean it's possible to ship the DNS Analytics logs into NetWitness instead of the old DNS Debug text file logs. ...
    Jeremy Kerwin
    last modified by Jeremy Kerwin