• Context Hub List

    Hi Community, is there any way to consume, check and edit/create a context hub list via script/api or so? The idea is to create a Context Hub list with the users of some OUs inside the Active Directory to fuhter use ...
  • Alert based on unique meta key value count

    Is there a way to alert on the number of unique meta key values associated with a session for a particular meta key (without using ESA or reports)? This is for Netwitness packets 10.6.2.    A simple use cas...
    Michael Pochan
    last modified by Michael Pochan
  • Third-Party Integration with BoC

    I am looking for any solution/ technical experience on integration of Archer with BoC products like Adonis, AdoIT. BoC Adonis AdoIT rsa interface rsa user interface interface interfa...
    Abhishek Roy
    created by Abhishek Roy
  • Add Meta to Log Based on List

    Hello!   I am trying to add a meta field to our web traffic based on whether or not it is in the top 1 million domains visited.   I can get the list easily, I was just wondering if it was possible to add a...
    Tyler DeFoor
    created by Tyler DeFoor
  • EPS report from GUI

    Dear Team,   We are creating one EPS report as per the clients requirement in our environment with the help of below commands in CLI(putty). As many team member are in WFH and we do not have CLI access so ...
    socuser .
    last modified by socuser .
  • Error while executing an Advanced EPL rule

    Hello Team,  I am getting an error while executing the below advanced EPL rule, please help me out. @RSAAlert(oneInSeconds=0) SELECT * FROM  Event ( medium = 1 AND device_type='checkpointfw1'   &#...
    support soc
    last modified by support soc
  • Cloudflare integration with RSA SA

    Cloudflare makes available Logpull a RESTful API to request logs over HTTP from its platform.   Question is, is there a module or method within RSA SA to make queries to an external API such as Logpull, req...
    Visham Rawat
    last modified by Visham Rawat
  • Adding Security Analytics IM endpoint in RSA Archer

    Hello Everyone,    I was trying to add Security Analytics IM as endpoint in my archer setup and facing some issue stating below:  can anyone had face the same or help me to fix this issue, Thanks...
    rajbir singh
    last modified by rajbir singh
  • WinRM - Incomplete events with System Channel on ID 7036

    Hi community, I have a customer who recently deployed Netwitness 11.4.1 and he is retrieving windows events using WinRM. Almost all events were retrieved just fine except those within the System Channel with ID 7036. ...
    Maximiliano Cittadini
    last modified by Maximiliano Cittadini
  • Report Notification

    How to display out put value of report in the email body itself , instead of csv or pdf.   
    Yogesh Mavani
    last modified by Yogesh Mavani
  • Winrm  401/Unauthorized Does not Map to a Kerberos Realm

    Hi,   Anyone can help me about this error we get when we run the winrm on power shell. This is the error we get on the SA gui.     Winrm  401/Unauthorized Does not Map to a Kerberos Realm   ...
    Emmanuel Bryan Villajuan
    last modified by Emmanuel Bryan Villajuan
  • Identify performance issues virtual appliance 11.4

    We operate a fully virtual NW deployment on 11.4. It consists of a number of virtual machines on vSphere hypervisors on Dell R730 (soon to be R740) servers. The backend storage is Fibre storage fabric to a NetApp back...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • ProofPoint Targeted Attack Protection (TAP) Integration

    I'm trying to integrate the ProofPoint TAP API into NetWitness using the instructions located here - Proofpoint Targeted Attack Protection Event Source Configuration    I don't think it's properly work...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Non Domain Windows server integration steps

    What will be the steps of integrating the windows server with netwitness 11.2. The windows server is not part of the domain but is connected in LAN and is reachable.
    socuser .
    last modified by socuser .
  • RSA NW Backup script v4.3

    Hi, anyone have a backup script v4.3? As mentioned at video guide demo from -> Upgrading the RSA NetWitness Platform to Version 11.3 (Video Demonstration) is it compulsory must only use v4.3 instead of v4...
    Mohd Amri Razlan
    last modified by Mohd Amri Razlan
  • RSA NW 10.6.6 to 11.3 upgrade via Upgrade Pack

    Hi, Is is possible to upgrade from version 10.6.6 to 11.3.1.1 via Upgrade Pack without using the ISO? Upgrade pack link -> https://community.rsa.com/docs/DOC-107172
    Mohd Amri Razlan
    last modified by Mohd Amri Razlan
  • Clarification of risk scores in NW Endpoint vs ECAT

    Am I correct in the following assumption. In ECAT, when files or processes were whitelisted the risk score would lower automatically, but I've noticed that doesn't occur in NetWitness Endpoint.   Is the process ...
    Jeremy Kerwin
    created by Jeremy Kerwin
  • Malware Analytics Invalid username or password error

    Hello everyone,   I'm having issues configuring a Malware Analytics server for Continuous Monitoring.   I have a Packet Concentrator that I want it to be monitored for files being transferred. Files the...
    Stefan Dimitrov
    last modified by Stefan Dimitrov
  • How to compare two meta value IN ESA for the same session.

    I would like to create ESA alert based on below logic. Can any one assist me to create it.    Alert should tiger if value of two meta is not same for the same events/session.    metaA != metaB 
    Yogesh Mavani
    last modified by Yogesh Mavani
  • (Decoder) Initialization Error

    Any idea? Failed to start capture: Failed to process message start for /decoder com.rsa.netwitness.carlos.transport.TransportExc eption: Decoder did not initialize correctly, please check the logs.   Thank you ...
    Mohammad Zailani Shato
    last modified by Mohammad Zailani Shato