REST API: Access in NetWitness

Document created by RSA Information Design and Development Employee on Apr 10, 2019Last modified by RSA Information Design and Development Employee on Sep 4, 2020
Version 6Show Document
  • View in full screen mode

This topic describes how to enable the REST API in NetWitness Platform. The REST API must be enabled by setting /rest/config/enabled to on, which is the default. The default port for communication is the default port + 100 (for example, 50105 for a Concentrator), but that can be changed by setting the /rest/config/port parameter. SSL is controled by the setting in /sys/config/ssl.

Note: By default, the REST interface accepts BOTH SSL and Non-SSL connections on the REST port. By setting /sys/config/ssl to on, ONLY SSL connections will be accepted on the REST port.

To enable the REST port:

  1. In the NetWitness Platform web user interface, go to (Admin) > Services and select a service, for example, a Concentrator.
  2. In the Host column, click on the host name. The Hosts page opens, and the IP address of the host is displayed in the Host column. Make a note of the IP address.
  3. Note: If the IP address listed in the Host column is the same as the IP address of the NetWitness Platform web UI, the API is not available for that service.

  4. Go to (Admin) > Services, select the service, and then select View > Config. Under System Configuration, note the port number. You will use this port number as a basis for accessing the API, but you must add 100 to it. For example, if the port number is listed as 50005, you would enter 50105.
  5. In the browser, type the IP address of the service and append the port number to the IP address as shown here:
    http://<hostname or IP address>:<port>

    Note: The URL is HTTP, and not HTTPS.

  6. In the Authentication dialog, enter the user name and password and click Log in. The root node tree used by NetWitness Platform is displayed:

Previous Topic:Usage
Next Topic:Packets
You are here
Table of Contents > Enable