  • NTP settings of RSA Netwitness 11.3

    Hi, currently RSA runs in UTC and we need to set it to IST. We have added an NTP server to RSA but it did not work. Is there any way to set the time to IST?
    Prasanna Madhushanka
    last modified by Prasanna Madhushanka
  • Is it possible to get a report of existing incidents in RSA system?

    Hi, we are using RSA NetWitness (version 11.3.1.0-190620195444.5.e64d57a) and we have a requirement to get a detailed report about all existing incidents that we have created. Is there any way to get this report?
  • values-over-time chart if rule has 'Summarize=Custom'

    My rule returns the value we expect (number of different "ip.src" that generated events of the type indicated in the "where" field). Is it possible to use this rule in a values-over-time chart to display the number of...
  • GeoIP Update

    Hi All,   As GeoIP gets updated with the version update, which comes in month(s), and MaxMind updates their database once every three weeks. So there is a lack of an updated database in SA, due to which sometimes we get t...
    Mohd Saad Khan
    last modified by Mohd Saad Khan
  • Bulk Data Export From RSA Netwitness Archiver

    Hi Team,   Currently we are using RSA Netwitness 11.3.1.1 in our organization. So we have an archiver which is deployed for log retention. At present we have 5 months of log data stored in the archiver. We have the below...
    Devaraj Mohan
    last modified by Devaraj Mohan
  • TA2101 IOC feed

    Hello Community,   I have been researching the threat actor maze/chaha/TA2101. There are plenty of IOC's for this threat but none seem to be threat source entries like firstwatch, bambenek or thirdpart-ioc etc. ...
    Mike Boggess
    created by Mike Boggess
  • Is it possible to increase an appliance's memory?

    Is it possible to increase an appliance's memory? For example, for a Hybrid appliance, what are the recommendations in terms of scaling in terms of EPS? Should we integrate another Hybrid appliance?
    Jaime Moscoso (SOC)
    last modified by Jaime Moscoso (SOC)
  • ERSPAN Tap port on decoder from multiple ESX Hosts

    Hello Everyone,   We are installing the All-In-One Netwitness virtual appliance suite and I'd like the Decoder to be able to be vmotioned to/from any one of three ESX 5.5 hosts. The span port will be a L3 Mirror...
    RSA Admin
    last modified by RSA Admin
  • Multi-Tenant Support for Alerts and Incidents in RSA Netwitness

    Hi Team, We would like to know how the multi-tenant model works for alerts and incidents in RSA Netwitness 11.3. Let's say we have 2 sites in different geographical locations. We want to see the alerts and incidents separa...
    Devaraj Mohan
    last modified by Devaraj Mohan
  • RSA Netwitness VLC needs AV ?

    Hi Team,   We have installed a VLC (Virtual Log Collector) at one of our sites to collect logs. We have the below queries from the IT Team.   Can we install endpoint security (AV) on the VLC (which is CentOS)...
    Devaraj Mohan
    created by Devaraj Mohan
  • Advanced ways of managing hosts and groups in NWE

    From the UI, the ways to interact with managing the hosts and groups within NetWitness Endpoint are quite simple and basic.  It makes it difficult to perform tasks en masse with a lot of hosts.   Are there a...
    Jeremy Kerwin
    created by Jeremy Kerwin
  • How to make a test attack to pop up an incident alert from RSA netwitness Logs

    Hi everyone,   I have an RSA NetWitness with no incidents or alerts. I want to get an incident only from logs so that I can test that incident. As an example, I need to simulate an attack to my server, as for web s...
    Kyi Thin
    last modified by Kyi Thin
  • Getting Display Columns to export

    When I run a query in the Events tab, I would like to Download the data and Export it to csv.  The problem I'm facing is that when I Export the data, I only get a couple columns; the time, device IP, and the raw ...
    Ernie Castro
    created by Ernie Castro
  • How to upload private key? (Decrypt Incoming Packets)

    I would like to decrypt SSL packets from a website server powered by Apache. I set supported TLSv1.2 and supported cipher TLS_RSA_WITH_AES_256_CBC_SHA256, but when I try to upload the key I receive the errors below, ...
    Lukasz Czerwonka
    last modified by Lukasz Czerwonka
  • Where is sa/nw sftpagent download located?

    Why is the sa/nwsftpagent link not on https://community.rsa.com/docs/DOC-40370 and generally impossible to find?   Is it so hard to put all the downloads in one page? You have already tried to do that but failed to ...
    Marinos Roussos
    last modified by Marinos Roussos
  • /var/netwitness/broker partition was with 100% used space.

    Hello, team.   Today I came across the following situation where Broker stopped working. When accessing via SSH I noticed that the /var/netwitness/broker partition was with 100% used space. In the /broker direc...
    Paulo Francisco
    last modified by Paulo Francisco
  • Active Directory Integration?

    From what I can tell the Investigator client only can leverage local accounts to the broker/concentrator service.    Is that correct?
    KEVIN DIENST
    last modified by KEVIN DIENST
  • ESA 11.3 falling sessions behind

    Hello,   We are experiencing ESA sessions behind with 11.3+ ESA and would like to seek advice of community on how to handle the issue. You can see previous thread covering 10.6 here: ESA Lag - Sessions...
    Nick Mikhal
    last modified by Nick Mikhal
  • Office 365 Log Collecting/Rules

    I recently integrated Office 365 logs into NetWitness.  I installed all 5 parser packs and everything works fine.    I want to set up dashboards and enable some rules and would like to know a good bas...
    Ernie Castro
    last modified by Ernie Castro
  • If I am currently on RSA Netwitness 11.2.0.0 version and want to upgrade to 11.3.1.1, then on the download page should I be downloading the Service Pack Image or the Patches for 11.3.1.1?

    If I am currently on RSA Netwitness 11.2.0.0 version and want to upgrade to 11.3.1.1, then on the download page should I be downloading the Service Pack Image or the image from the Patches part?     Then again...
    socuser .
    last modified by socuser .