I'm going through the process of validating the storage configuration of our deployment and would like to work out the size on disk of the events of each log source type so I can calculate storage requirements based o...

I've been struggling to find a copy of the API documentation. Any links I've been able to find are broken. Where can I locate it?

active directory configuration

Does NetWitness support SAML SSO authentication? With regards to Multi Factor Auth, are there other options aside from SecurID? Thanks!

Dear All, We have upgraded the RSA SA from 10.6.6 to 11.3. Post upgrade we observed the warehouseconnector service does not exist. Cluster ip missing in the assignment. Due to this my warehouse cluster is not avai...

I can't seem to find any documentation, so I am turning to the community in hopes of finding some. I am in need of what the maximum recommended EPS is for all of the various SA devices. I realize this can...

I am experiencing an issue that the "where" statements logic is not saving when I click save. I have never seen this issue before. As a result, the rules are returning no data. I validated that the rule works and that...

I try to install upgrade version 220.127.116.11 to ESA server from SA Server but I always failed with this error. Below is from chef-solo.log. Any idea for this error? Note: the ntp.conf on SA Server always was c...

Is it just me or is it impossible to get to the RSA training sites? I saw a blog post about a great and new system. But every link points to a DELL system where any pointer to RSA Netwitness leads to err...

Hello, I need to filter logs to be stored on Archiver. I need to discard any log from device ip 18.104.22.168 and any log from device type 'winevent_nic' and from the device type 'winevent_snare' just need to keep...

I have the rpcnetp.exe file on 84 clients. On some clients, the IIOC score for the file is 400+. On some clients, the IIOC score is 10+.
1) Why is there a difference in the IIOC score for the exact same file?...

I am new to NetWitness Endpoint 4.4. I need some advice/pointers on analysis in Netwitness. Please point me to some guides or posts that can help me to do my analysis. Advise on how to score some low hanging frui...

Hello, I am looking for a way to run a report that will simply show a total number of sessions seen by netwitness sorted by month. Is there a way to do this? Thank you.

I have some customers that have several products/solutions able to send syslog messages using CEF protocol but the decoder seems to discard them because the syslog messages came without the PRI header. My question her...

While using the UEBA bundle, does it need an extra license?

Has anyone installed the AWS CloudWatch agent on the RSA 11.3.1 Netwitness servers? Did it cause any issues with the servers and performance?

Hello, I just wanted to know something about the "truncdomain" option in RSA Feeds. I have a CSV file containing a list of domain, and I send a log to rsa to check if it matches the feed. If a ta...

Hello, our Netwitness infrastructure is getting quite old and was installed over 5 years ago. As a result the Puppet CA certificate and all the agent certificates are due to expire in about 2 months time. When...

I have verified the log messages, it is calculating the payload of request and response in meta key "large out bound data transfer". Is there any other way to filter the only request base filter for the source ip lis...

Hi, May I know what this means? This is being found in the logs: "The Module: 'xxxxx' is NOT currently un-deployed"