Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

ESM: NetWitness Event Sources

Document created by RSA Information Design and Development Employee on Apr 10, 2019Last modified by RSA Information Design and Development Employee on Sep 8, 2020
Version 6Show Document
  • View in full screen mode

Event sources are network sources that send information about events to the RSA NetWitness Platform. They can be physical devices, such as laptops, network switches or firewall, and virtual or cloud-based applications, such as VMware. For example:

  • An Apache HTTP Server
  • Amazon Web Services CloudTrail
  • A Barracuda Web Application Firewall
  • A connection to Dropbox
  • An Oracle Database
  • A VMware vCenter Server

You first configure all of your event sources so that they can communicate with the NetWitness Platform. RSA provides configuration guides for many common event sources, using a variety of collection methods (such as Syslog or file collection). After you have your event sources configured, use the information in this guide to manage them going forward.

You are here
Table of Contents > NetWitness Event Sources