• Mongo DB default Credentials Status

    In our organisation we got one VAPT comment that "Mongo DB credentials not set". Now, normally we have seen that whenever the team has logged into mongo they will be using the below format: # mongo admin -u deploy_admin ...
    socuser .
    last modified by socuser .
  • How do I modify a parser to map meta differently?

    First, I'm a beginner with Netwitness so forgive me if my terminology is slightly off. I'm using the default ZScaler NSS parser from RSA. It has been working for some time. I just need to make a slight change. Current...
    Ben Taratoot
    last modified by Ben Taratoot
  • Mapping between log messages and Meta data

    Where is the mapping defined between NetWitness and syslog messages? For example if I want to see a failed ssh login on a RedHat system I could look for the following in /var/log/messages: # ...
    Ray Blair
    last modified by Ray Blair
  • RSA NW 11.4 Language pack Release Notes

    Hello! I can't find the document named RSA NetWitness Platform 11.4 Language Pack Release Notes.
    vladimir rydvanov
    last modified by vladimir rydvanov
  • Office 365 Log Collecting/Rules

    I recently integrated Office 365 logs into NetWitness. I installed all 5 parser packs and everything works fine. I want to set up dashboards and enable some rules and would like to know a good bas...
    Ernie Castro
    last modified by Ernie Castro
  • Reindexing new meta

    I've included a new meta key under index-concentrator-custom.xml to be indexed (and be searchable). Is it possible to have this meta information available for historical / old log data and not just new data? There is ...
    Stewart Gray
    last modified by Stewart Gray
  • Error pop up when config checkpoint to RSA

    Hi, we need to add our Checkpoint logs to RSA Engine. When we try to pull the cert in the RSA event source, the following error occurs. Please help to resolve this matter. We followed attached guidelin...
  • False alarm health & wellness

    I created a policy to generate an alarm whenever the log decoder server is above 90% of memory usage. However, it has generated several false positives, since the log decoder server keeps most of the memory in buffer...
    Eric Barreto
    last modified by Eric Barreto
  • Log count event error by log source

    I am facing a problem generating reports for counting total events by log source. I am doing the generation based on did, but for some reason the report count does not match the total logs that DID actually received....
    Eric Barreto
    created by Eric Barreto
  • Beacons to pendo.io

    I just upgraded our servers to NetWitness 11.4.1.2 and noticed almost every page sends beacons to pendo.io:   https://cdn.pendo.io/agent/releases/2.58.0/guide.css  https://cdn.pendo.io/agent/static/5573cea...
    Richard van den Berg
    last modified by Richard van den Berg
  • Upgrade from 11.3.x to 11.4.x

    Why is netwitness-11.4.0.0.zip not available for download from the RSA Link portal?
    vladimir rydvanov
    last modified by vladimir rydvanov
  • Netwitness Archiver - adding disk space

    Netwitness - Archiver adding disk space. What is the correct way to add disk space to Archiver to store log files? I see the following from df -h VolGroup00-nwhome         /var/netwitness...
    James Williams
    created by James Williams
  • Failed to Install Service Log Collector

    I'm installing a new Log Collector Service.   I followed the Virtual Host Setup: Install NetWitness Platform Virtual Host in Virtual Environment , already run the NWSETUP-TUI (successful), enable it thru Ad...
  • Non-ASCII filenames

    Today I noticed a setup with Non-ASCII filenames in the Meta Keys. Unfortunately those simply don't work in the investigation module. Is there a way to translate Non-ASCII filenames to ASCII characters in the de...
  • nginx logs to RSA netwitness

    Dears,   Has anybody tried to monitor nginx web server using RSA Netwitness? If so please share the config sample to forward logs to Netwitness from linux web server?  I tried apache log source configuratio...
    azim gambarli
    last modified by azim gambarli
  • Troubleshooting CISCO Asa FW Event Source

    Hello, can anyone help me start troubleshooting a Cisco ASA 5506, since I'm not getting any logs from it? All the configuration was done on the device. Thank you
    Ornaldo Naqellari
    last modified by Ornaldo Naqellari
  • Cloudflare integration with RSA SA

    Cloudflare makes available Logpull, a RESTful API to request logs over HTTP from its platform. Question is, is there a module or method within RSA SA to make queries to an external API such as Logpull, req...
    Visham Rawat
    last modified by Visham Rawat
  • What does a successful network connection from firewall mean?

    Action = Allow Event Category Name = Network.Connections.Successful Event Activity = Permit Device = Firewall Src IP = Internal IP Dst IP = Public IP Dst Port = PortNo.   In such a situation, what exactly ...
    Visham Rawat
    last modified by Visham Rawat
  • Custom CEF Parser - Own Directory

    Hello,    I've built a custom parser for an event source which sends logs in CEF format. To make it a bit more portable, I'd prefer not to require modifying cef-custom.xml (as per the guide - Custom CE...
    Stewart Gray
    last modified by Stewart Gray
  • When do we expect the azure_ad_signin plugin to support the UDM?

    When do we expect the azure_ad_signin plugin to support the following meta which is a part of the UDM outlined in RSA NetWitness® Suite Unified Data Model Available Concepts    event.cat event.cat...
    Darren Wessely
    created by Darren Wessely