
Recent Activity

William Motley
PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness. If you're interested in learning to write your own custom packet parsers, this is the information you need. It covers parser writing from the ground up. It begins with the fundamentals, such as the role of parsers, what makes for good meta, and how parsers see sessions. It…
RSA Product Team
RSA NetWitness Investigation Meta. This table lists all of the delivered RSA NetWitness Investigation meta. Meta Key Details analysis.file: autorun Registered by: autorun.nwr analysis.file: autorun debian package mismatch Registered by: autorun_debian_package_mismatch.nwr analysis.file: autorun file path not part of debian package…
RSA Information Design and Development
When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become familiar with at least the basics of the EsperTech EPL language used with ESA. Note: NetWitness Platform 11.3 uses Esper 7.1. Earlier…
RSA Information Design and Development
In an ongoing effort to provide the best user experience, RSA periodically discontinues content (such as rules and reports). This is to keep pace with the ever-evolving threat landscape, and to ensure our customers are not overwhelmed with stale information and ‘alert fatigue’. By tailoring content to current threats, we can help keep the systems…
RSA Information Design and Development
This table lists all of the delivered RSA NetWitness Rules. Note: For content that has been discontinued, see Discontinued Content. Display Name File Name Description Medium Tag 11.1-11.2 Autoruns and Scheduled Tasks from or referencing AppData 11.1-11.2 Autoruns and Scheduled Tasks from or referencing AppData Compliance Rule- Anti-Virus Signature…
RSA Information Design and Development
This topic lists the RSA NetWitness Reports. The reports are built upon rules and lists. When you download a report, all necessary RSA NetWitness Rules and RSA NetWitness Lists are also downloaded. You may, however, need to download supporting RSA Application Rules and parsers. Note: For content that has been discontinued, see Discontinued…
RSA Information Design and Development
This topic discusses and describes the packet (Lua) parsers available in RSA NetWitness Platform. If you need a parser that does not already exist, you can Request a Parser. Note: More information on each of these parsers is available in Live. Navigate to Live search, and select RSA Lua Parser in the Resource Types field. From the results, select…