Skip navigation
Log in to follow, share, and participate in this community.

Recent Activity

RSA Information Design and Development
Click to view content    When conducting an investigation in the Events view, you can select one or more events and create an incident that is available for incident responders in Respond. When you create an incident, if access restrictions are in effect, you can view only incidents to which you have access. For example, when creating incidents from the Investigate…
RSA Information Design and Development
Click to view content(From 11.5.1 and later) NetWitness UEBA Modeled Behavior provides analysts with visibility into the usual activities of users monitored by UEBA. These modeled behaviors are based on the log data leveraged by UEBA and are available a day after the UEBA service is configured. UEBA monitors abnormal user behaviors to identify risky users and this…
RSA Information Design and Development
    Configuring Custom Multi-valued Meta Default multi-valued meta keys are action, alias.host, alias.ip, alias.ipv6, email and username, if the custom multi-valued path parameter is not set in Logstash configuration file (netwitness-<decoder-ip>-input.conf), then only default values are considered for multi-valued meta. Custom valued meta can…
RSA Information Design and Development
Click to view content    Health and Wellness Note: This feature is available only from NetWitness Platform version 11.5 and later. For more information, see "Monitor New Health and Wellness" in System Maintenance Guide for RSA NetWitness Platform. You can monitor the operational state of the Logstash service and details of sources configured in the New Health &…
RSA Information Design and Development
  Refer to Logstash Troubleshooting Documentation You are here Table of Contents > Export Connector Install: Troubleshooting
RSA Information Design and Development
Click to view contentComponents Title, Problem & Workaround Found In / Exists In Fixed Version Tracking Number NetWitness Export Connector Title: Position tracking is not updated properly when query is used to filter the sessions. Problem: Last session.id aggregated is not updated to the latest aggregated ID but is updated only to the last filtered session…
RSA Information Design and Development
    Note: Make sure you open the firewall of the Decoder or Log Decoder to establish connection with the Logstash. For more information, see "Network Architecture and Ports" in Deployment Guide for RSA NetWitness Platform. You must configure the Logstash configuration file to process the NetWitness Platform events. Create a Logstash…
RSA Information Design and Development
    IMPORTANT: Ensure that you follow all the security-related best practices and guidelines outlined in the Logstash documentation to avoid any potential security risks. You can install the open source version of Logstash (OSS) or the paid version (Elastic). The supported version is Logstash 7.6.2. Information on released versions of…
RSA Information Design and Development
    You can configure the Logstash Filter plugin to add, remove, or modify the specific input events from the Log Decoder or Decoder. To configure the Filter plugin, add the Filter plugin parameter settings in the second section of the Logstash configuration file (netwitness-<decoder-ip>-input.conf). This plugin modifies the events based on the…
RSA Information Design and Development
    Configure SSL Note: When configuring the Logstash, you may need to specify sensitive settings such as passwords. You can use the Logstash keystore to securely store secret values instead of file system permissions for using it in configuration settings. For more information, see Logstash keystore Documentation. To support trusted…
Load more items