  • Restricting view access to Hosts

    Is it possible to restrict the ability to view groups of hosts in NetWitness endpoint by permissions? I.e. Analyst A is only allowed to see hosts that are assigned to USA, Analyst B is allowed to see hosts in the EME...
    created by Jeremy Kerwin
  • HTTP_lua Parser: missing expected meta

    Is anyone else having issues finding expected meta from the HTTP_lua parser?   Particularly I'm concerned that the latest version of the parser may not be parsing out these pieces of meta <below> but there...
    last modified by David Gassman
  • Packet Lua Parser - assistance

    I'm working on a packet parser that I could use some Community help with. Essentially I'm trying to find a token and then register that token as meta in an existing key. Additionally, if more than one token is found ...
    last modified by David Gassman
  • SDK form gone in 11.3.1.0?

    When accessing the RESTful API as described in SDK Commands I was used to seeing the /sdk form as displayed on page 15 of that PDF: However, in 11.3.1.0 the form is no longer there. Only the static links shown on p...
    last modified by Richard van den Berg
  • DNS resolution of Relay server

    I have made a host entry on the netwitness endpoint server for the relay server but the platform is not resolving it from the UI, although it perfectly resolves from the CLI.
    created by Mayank Sharma
  • To what compression ratios do the different compression settings translate?

    What compression ratios do the different levels of meta.compression.level and packet.compression.level effectively translate to with the different packet.compression and meta.compression values?   I.e. if w...
    last modified by Tomi Reiman
  • How to Perceive duplicated Traffic

    Hello everyone! The Team here surged with a question regarding the possibility to check on Netwitness whether or not there is duplicated Traffic. It is more like, using Netwitness to point Network maps being ob...
    last modified by Henrique Braz
  • Collected log size

    Hello. Is there a way to limit the individual size of the logs that NetWitness 11.2 collects? Thanks.
    last modified by Teyocoyani Orozco
  • Expand the display of the meta key

    Dear !  As far as I know, the meta key display will be 256 characters, is there any way to expand it or not?  
    last modified by chien nguyen
  • Brotli compression

    We are seeing a lot of sessions come through with Brotli compression. Are there any thoughts about uncompressing this traffic so that the Netwitness parsers can leverage the uncompressed packet? Notice the ...
    last modified by Paul Calamari
  • NWE: Alert when process dump created

    In NetWitness endpoint, I deployed the Endpoint bundle pack to ESA, I was surprised to find that there wasn't an alert generated when a process dump file was created.   Is there an alert within RSA live to ale...
    created by Jeremy Kerwin
  • How do you set up Windows Exchange server CAS logs to NetWitness?

    I am running NetWitness version 11.3.1.0 and was trying to set up collecting and reporting on CAS logs into the SIEM. We are collecting exchange server logs. Is there a way to do this?
    created by Eric Schwartz
  • Serial console on hardware appliances

    As a (network) engineer I am used to having serial console access to physical devices. I noticed this is not enabled by default on RSA Netwitness appliances. Nor is it anywhere documented here on RSA Link. ...
    last modified by Hugo Van Der Kooij
  • 10.6 to 10.6.6 to 11 HDD Space requirement

    Hi RSA Team, Just had a quick general question. I'm upgrading a client from 10.6 to 10.6.6 then 10.6.6 to 11.x. I'm wondering if I can run the backup script to determine the amount of space needed so I can tell ...
    last modified by Patrick McLean
  • XML log file integration into Netwitness

    Hi, Is there any guide regarding XML log file integration into the Netwitness (integration, parsing etc..)?   Regards
    created by Petar Nikovic
  • Packet decoder, finding who is sending the most amount of traffic

    I'm trying to find and filter out large talkers through the packet decoder that could help in reducing our license usage.   What's the best way to find these large talkers on the decoder? Thanks. 
    last modified by Jeremy Kerwin
  • Alerting on Active Directory group name

    I'm trying to work on alerting to changes to groups in Active Directory like the Domain Admins group. I can see the event in investigate, I can also see the group name 'Domain Admins' is in the event, but I noticed t...
    last modified by Jeremy Kerwin
  • Creating a simple ESA rule

    Sorry for such a simple question. I had a simple ESA rule that was working prior to upgrading to 11.3.1.1. but now it's not triggering anymore and gives an error about an incorrect use of an OR clause or something to...
    last modified by Jeremy Kerwin
  • Endpoint datastore location

    Much like with the packetdb, sessiondb, metadb, index etc., where is the data stored for the Endpoint server or client scans? I want to make sure that it's on a partition that has enough space for the client scan dat...
    created by Jeremy Kerwin
  • NWE Windows DNS Analytics Logs

    Hi All, With the ability of NWE being able to ship Windows Event Log sources to NetWitness, does that mean it's possible to ship the DNS Analytics logs into NetWitness instead of the old DNS Debug text file logs. ...
    last modified by Jeremy Kerwin