RSA NetWitness Logs & Network Using the REST API

Document created by Elena Komarova Employee on Jan 23, 2017Last modified by Joseph Cantor on Sep 10, 2019
Version 15Show Document
  • View in full screen mode

On-Demand Lab Details




In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us



Learn about RSA's implementation of the REST API and how it provides you with access to the proprietary backend, thus enabling you to automate administrative tasks, extract data programmatically, and more. It includes a lab environment in which you will practice your new skills.



This self-paced tutorial comes complete with lab exercises in which you will explore the different ways to access key metrics, controls, and metadata within RSA NetWitness Logs & Network. It begins by reviewing how RSA has implemented the REST API and reasons for its use.  Then, through a series of demonstrations, it shows Administrators, Developers, and security team members how to "get," "set," and use data from the back-end of the RSA NetWitness product in a programmatic fashion. Different access methods such as use of the NetWitness GUI, the REST GUI, CLI use of curl, and automated uses within tutorial scripts are presented and compared.  The course even provides a sample Python script that you can extend for your own use.  Lab exercises walk you through "real life" examples of REST API's use and give you the foundations to begin your own research and use of this powerful tool.  



Intended for Administrators, Developers, and security team members


Delivery Type

On-Demand Lab



3 hours


Accessing the Lab Environment

Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on access the environment. For more information please view the document Access RSA University Virtual Labs – available on the RSA University site: RSA University Content


Prerequisite Knowledge/Skills

Students should have completed the following training (or have equivalent knowledge) prior to taking this training:

  • RSA NetWitness Introduction to REST API eLearning
  • While no programming knowledge is necessary, it is helpful.
  • Students must have a strong understanding of RSA NetWitness Logs & Network.


Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the REST API and its uses
  • Discuss how the Explore View of each Service-type relates to the REST API
  • Access and pull key metrics using the REST API GUI
  • Discuss how the URL string is used to pull data in a CLI
  • Describe how the REST API can set configurations
  • Describe how the REST API can be used to pull Metadata and values
  • Discuss use of the REST API in a script


Course Outline

  • Module I
    • What is the REST API & What are its common uses?
    • How to navigate the REST API and why its easier than NwConsole
    • REST Help
    • Multiple Output Options
    • Pulling Meta Data and Values
    • Building the URL String
    • Getting Statistics and Setting Configurations
    • Querying Meta Data and Values with REST
    • Trees and Nodes
  • Module II
    • Extended examples of using the REST API 
  • Module III
    • A Simple example with the GUI, REST GUI, and curl
    • Using REST with curl
    • Another Example Using Another Stat: capture.rate (with csv)
    • Simple Python Script Example
    • Configuration Consistency
    • How to secure the REST API
    • Using REST – the Analyst Perspective
    • How to Find a Metric of Interest with REST






On-Demand Lab Details




In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

1 person found this helpful