• SA - Visio Stencils

    Dears,   can someone provide me with the SA stencils?
    Bechara Abou Rahal
    last modified by Bechara Abou Rahal
  • Question on Netwitness custom parser

    Hello all,   Recently, I configured a new custom parser for a customer, and successfully modified all index-concentrator-custom, index-logdecoder-custom and  table-map-custom files, across three separate co...
    Jose Lopez-Villela
    last modified by Jose Lopez-Villela
  • Reset a DAC Raid Configuration

    How can we reset a Powervault DAC Raid to its initial configuration (all the disks Unconfigured) when we are switching the DAC from an Appliance to Another?
    Rachid Griech
    last modified by Rachid Griech
  • Log for channel Security may have rolled over

    On our Endpoint Log Hybrid (Not a legacy collector), I'm seeing the following errors in the /var/log/messages file for all of our Windows Event Sources.   Dec 18 02:36:46 <END_LOG_HYBRID> NwLogCollector[15...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • VLC SSHD Authentication Error

    I have a BU that is not able to SFTP files over to one of our VLCs. Upon investigation I am seeing the following error when I run a "systemctl status sshd": Can someone please let me know where I can f...
    Dwayne Fryer
    last modified by Dwayne Fryer
  • Help in EPL

    rule for login after office hours and on weekday...??
    Rahul Chauhan
    last modified by Rahul Chauhan
  • Syslog forward from Log Decoders

    Hi All! I was reading the following article: Decoder: Configure Syslog Forwarding to Destination and I've tested it, but I saw the decoder doesn't send the original IP of the original device into the sy...
    Maximiliano Cittadini
    last modified by Maximiliano Cittadini
  • Collected log size

    Hello. Is there a way to limit the individual size of the logs that NetWitness 11.2 collects? Thanks.
    Teyocoyani Orozco
    last modified by Teyocoyani Orozco
  • Endpoint datastore location

    Much like with the packetdb, sessiondb, metadb, index etc. Where is the data stored for the Endpoint server or client scans? I want to make sure that it's on a partition that has enough space for the client scan dat...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Help with CEF custom fields

    Hi all, I have a customer who is running Kaspersky and he doesn't have access to the SQL Express instance (it seems that the Kaspersky solution installs and creates its own db engine with sql express, with a custom admi...
    Maximiliano Cittadini
    last modified by Maximiliano Cittadini
  • tcp.srcport Index/Meta(s) Overflown

    We have several appliances that report tcp.srcport is overflown. We are familiar with this concept for meta keys that have limited index sizes like payload or filename, but tcp.srcport is defined correctly in index-co...
    Richard van den Berg
    last modified by Richard van den Berg
  • To what compression ratios do the different compression settings translate?

    What compression ratios do the different levels of meta.compression.level and packet.compression.level effectively translate to with the different packet.compression and meta.compression values?   I.e. if w...
    Tomi Reiman
    last modified by Tomi Reiman
  • syslog log collection not shown under log collection.

    syslog log collection not shown under log collection.
    Kanishka Bansal
    last modified by Kanishka Bansal
  • SDK form gone in

    When accessing the RESTful API as described in SDK Commands I was used to seeing the /sdk form as displayed on page 15 of that PDF: However, in the form is no longer there. Only the static links shown on p...
    Richard van den Berg
    last modified by Richard van den Berg
  • Restricting view access to Hosts

    Is it possible to restrict the ability to view groups of hosts in NetWitness endpoint by permissions? I.e. Analyst A is only allowed to see hosts that are assigned to USA, Analyst B is allowed to see hosts in the EME...
    Jeremy Kerwin
    created by Jeremy Kerwin
  • HTTP_lua Parser: missing expected meta

    Is anyone else having issues finding expected meta from the HTTP_lua parser?   Particularly I'm concerned that the latest version of the parser may not be parsing out these pieces of meta <below> but there...
    David Gassman
    last modified by David Gassman
  • Packet Lua Parser - assistance

    I'm working on a packet parser that I could use some Community help with. Essentially I'm trying to find a token and then register that token as meta in an existing key. Additionally, if more than one token is found ...
    David Gassman
    last modified by David Gassman
  • DNS resolution of Relay server

    I have made a host entry on the netwitness endpoint server for the relay server but the platform is not resolving it from the UI, although it perfectly resolves from the CLI.
    Mayank Sharma
    created by Mayank Sharma
  • How to Perceived duplicated Traffic

    Hello everyone! The Team here surged with a question regarding the possibility to check on Netwitness whether or not there is duplicated Traffic. It is more like, using Netwitness to point Network maps being ob...
    Henrique Braz
    last modified by Henrique Braz
  • Expand the display of the meta key

    Dear !  As far as I know, the meta key display will be 256 characters, is there any way to expand it or not?  
    chien nguyen
    last modified by chien nguyen