|Applies To||RSA Product Set: NetWitness Logs & Network|
RSA Version/Condition: 10.6.x & 11.x
|Issue||You can use the REST API & NwConsole to extract many useful pieces of information from Netwitness. One such piece of information is a listing of session IDs based on a specific query. The issue here is that the query used in NwConsole may not always produce the same output when using the REST API due to incorrect HTML URL encoding.|
|Resolution||The following example is from a lab environment. The below query can be used to extract the session id’s for the device type ‘windows’ from 01st of April 2019 to 3rd of April 2019|
Within the NwConsole:
If you attempt to use the same query with the REST API (web browser), the session ids which are produced do not adhere to the query's time range.
The following is the REST query used in a browser after the browser automatically URL encodes it: