• NWE Windows DNS Analytics Logs

    Hi All, With the ability of NWE being able to ship Windows Event Log sources to NetWitness, does that mean it's possible to ship the DNS Analytics logs into NetWitness instead of the old DNS Debug text file logs. ...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • RSA Packet Concentrator S6

    Need to know some model and details of RSA Packet Concentrator S6 
    Jinson Abraham
    last modified by Jinson Abraham
  • Decoder won't start

    Good day! We have an issue with the RSA Decoder. By the monitoring system, we receive that the service status is green and ready, but the health status says Capture stopped with the red sign, how we can ident...
    Aleksey Martyanov
    last modified by Aleksey Martyanov
  • How many characters does Netwitness query filtering able to afford? 

    My rule is to check for hits from the list, and the list might contain quite a huge amount of data. For example the rule is: ip.dst = $[list] List: 1.1.1.1, 2.2.2.2,......, etc. When I drill in to particular hits, ...
    Xue YQ
    last modified by Xue YQ
  • Inquiry about NWe licenses

    I have a customer who bought Netwitness for Log as a solution. In the last days, we were with them and they asked us about the integration of a very hardened Windows environment. I told them to let me think about it for ...
    Maximiliano Cittadini
    last modified by Maximiliano Cittadini
  • ESA Rule - event A not preceded by event B

    Hi, I have a case when I want to create an alert for a specific event only if another event did not precede that specific event. To give more context: if an email gateway 'reputation' event happened for an ...
    Tamas Szilagyi
    last modified by Tamas Szilagyi
  • Failed to install services on NetWitness server

    Hi all, I'm new with NW and I have a couple of basic questions. I'm trying to deploy NW on AWS so, for now, I succeeded in installing and logging in to the NW platform using the Lite Version. Q: How can I get the full v...
    Yotam Ben Ezra
    last modified by Yotam Ben Ezra
  • How do you set up reporting to monitor for local user in the SAadministrator group?

    I would like to see how I can create a report to monitor user's activity while using netwitness. I specifically want to monitor users in the SAadministrator group. Users are authenticating using PAM and the user's rol...
    Eric Schwartz
    last modified by Eric Schwartz
  • How Can I use LDAP to authenticate my users to ssh access on NW Appliances?

    How Can I use LDAP to authenticate my users to ssh access on NW Appliances? I have an "AD" group used to access all tools by ssh. I am using this way to all security solutions here, but the RSA I am using a loca...
  • Where can I find information about importing IP watchlists into NW

    I have a list of IOC IPs and want to stand up a rule and alert.  Does anyone know where I can find information on this process?  I'm a VERY green n00b who starts training next month.   Thanks
    Paul Bagnell
    last modified by Paul Bagnell
  • Import / Export Data

    I'm trying to reduce an xfs partition. Unfortunately, when I try to create packet of the metadb/packetdb/index, etc the xfsdump is not installed. Is there any way that I can create a backup and then export da...
    Renato Goncalves
    last modified by Renato Goncalves
  • ESA rule broken at 11.3

    We recently upgraded from NetWitness 10.6.6 to 11.3. Several rules got disabled during the upgrade and they no longer work. I suppose it is mainly because directory meta changed type from string to string[], so that i...
    Bohdan Rylko
    last modified by Bohdan Rylko
  • How do I generate reports of historical throughput statistics?

    I need to gather data about the utilization of our Netwitness 11.  Has anybody created reports that provide numbers of sessions, logs, packets, bandwidth, etc. captured by the decoders?   /D
    Dion Stempfley
    last modified by Dion Stempfley
  • Configuration VM Log Hybrid in Azure

    I need to prepare a VM on Azure and I am unsure what settings for this environment. Does anyone have any suggestions? It will be a VM Log Hybrid, 1000 EPS, with maximum storage of 3 days of information.
    Andre Santos
    created by Andre Santos
  • Filter on Packet Decoder

    Hello all, Could you help? We need to set filtering  on packet decoder. In Decoder Configuration on Adapter we set Berkeley Packet Filter. But we don't see the decrease of incoming traffic. Could you help -...
    Denis Shinkarenko
    last modified by Denis Shinkarenko
  • ESM Syslog Template & Parsing

    Hi All, We have recently moved to v11.3.1.1 on Netwitness and I am trying to use the default Event Source monitoring to send syslog to one of our decoders when a device is inactive for a certain period of time...
    Shishir Kumar
    last modified by Shishir Kumar
  • Why can't I see any index columns? (Archer/NetWitness integration)

    I'm trying to do the integration (Archer/NetWitness), I'm following the guide that is provided on the official site, but I'm stuck at the part where I need to create a custom feed, when I'm in the "define columns" ta...
    Newton Gomes
    last modified by Newton Gomes
  • Host stuck on 'Rebooting'

    I just updated to 11.3.2.0 from 11.3.1.1. One of my hosts is stuck on 'rebooting'. It will time out after a while. When trying to reboot from the GUI nothing happens on the host and the status of 'rebooting' will jus...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Chef-solo fails on Endpoint Log Hybrid

    When running the following command on my endpoint log hybrid, it fails with the subsequent errors. chef-solo --no-color --logfile "/var/log/netwitness/config-management/chef-solo.log" --format doc --config /var...
    Jeremy Kerwin
    last modified by Jeremy Kerwin