Applies To:
RSA Product Set: NetWitness Logs and Network
RSA Product/Service Type: Packet Decoder
RSA Version/Condition: 10.6.x and 11.x
A common task in the care and maintenance of your RSA NetWitness Decoders is reviewing traffic types so that the appropriate network rule and application rule filters can be applied. Filtering unwanted traffic is good for the overall health of the system.
Why filter traffic coming into your decoder(s)?
Network traffic allowed into your network should be covered by some type of governance or policy, e.g. an information classification system. If security controls are in place that regulate traffic, a decision may be made to accept the risk associated with certain types of common traffic and NOT monitor that traffic using the RSA NetWitness NextGen system.
One of the factors in this decision is whether this common traffic comprises a significant portion of the daily collected traffic.
Goals of Filtering
Notes: Some useful links for other KBs related to traffic filtering:
Legacy Article ID: a59830