000034596 - Does the RSA NetWitness Suite network parser support HTTP/2?

Document created by RSA Customer Support Employee on Dec 29, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000034596
Applies ToRSA Product Set: Security Analytics, NetWitness Logs and Packets
RSA Product/Service Type: Packet Decoder
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x
Platform: CentOS
O/S Version: EL6
IssueSome HTTP packets are not parsed correctly.
The View Text view in Investigation shows the HTTP request as encrypted data as shown below.
User-added image
ResolutionThe issue is caused when parsing HTTP/2 sessions as the current HTTP parser does not currently support HTTP/2.