Good Morning. I installed 10.6.6.1 on June 12th. Last week I noticed that an ESA rule had not fired and on investigating I can see that there was a correlation between the upgrade and a drop in Windows events....

We are planning to upgrade RSA 10 to 11 series version so I have some doubts on the questions below. Please help me on these questions- 1. We have 4 series physical appliance. Can we upgrade 22.214.171.124 version ...

Hello everybody, I hope you can help me out. I have created a rule in EPL that should trigger whenever the corresponding event occurs in one of the metafields. I would also like to receive an alarm if a certain IP ra...

Can I retrieve all metadata of a network session using the REST API? If so, can someone explain to me how this works? I want to use the sessionid as unique identifier. Cheers, Niels.

We recently upgraded from NetWitness 10.6.6 to 11.3. Several rules got disabled during the upgrade and they no longer work. I suppose it is mainly because directory meta changed type from string to string, so that i...

Hi everyone, can someone help me to get the list of all meta keys along with the respective field names?

Hi, I want to apply STIG to my Netwitness 11.3. And I found that there is no guideline.

I recently imported some custom yara rules into the Malware Analysis appliance. These particular rules had a large condition set that relied on pe.imphash() so first off the .yara file has an import for pe, just...

Hello, are there documents/articles specifying Netwitness packet capture behavior and parsing regarding traffic with wrong checksums? Are those packets dropped? This question arose due to tests using ...

RSA, we recently upgraded to v11.2 and now WinSCP is not connecting to any of the upgraded devices. Therefore, we are not able to SCP any files. I recall there is key exchange or similar that needs to be done. Can so...

Hi Team, where will I be able to view my ESA alerts summary and graph in RSA Version 11? Likewise I am able to view the same in 10.6.6 under alerts >>>>summary. I have tried a lot no...

Hello, I'm trying to pull some logs from a MySQL db (version 5.7.26-0ubuntu0.18.04.1) following the guide here. I did all the procedure correctly, downloading the new version of odbc driver (8.0.16-1.el7.x86_...

I'm new to this SIEM and writing rules. How would I write a simple rule to report when changes have been made to GPO?

We are migrating our environment to another datacenter and I have a few questions: 1- Is it possible to forward the IP from the VLC to another Collector/Decoder Destination? 2- Is it possible to forward the dev...

Is there an option to log and monitor analyst and admin activities on the SA console? The requirement is that any activity performed by analysts or the admin itself (local or LDAP) be logged and available for auditing.

I want to build a URL that shows a NetWitness user the event details in the investigate module. So something like: https://nwserver/investigation/<serviceid>/events?sessionid="<id>" Is this possible?

Hi Team, we need to format ESA hard disk. Can you please tell me which type of cable (hard disk to USB) is required to do this activity?

Community: I'm facing an issue trying to add two different WLCs to two different Log Collectors with Netwitness 10.6.6. In both cases when I configure the destination of the collection the GUI throws me the fol...

Has anyone encountered this issue? Under Respond->Alerts, noticed an odd attribute for Source, it appears as Missing translation: respond.alert.source.

How can we reset a Powervault DAC Raid to its initial configuration (all the disk Unconfigured) when we are switching the DAC from an appliance to another?