This topic provides an introduction to Live Feedback. Live Feedback collects relevant information such as the Licensing usage data for Packet Decoder, Log Decoder and Malware Analysis, Threat Detection Enabled or Disabled status, Number of enabled ESA rules,and version number details of all the services of NetWitness Suite. For more information about the licensing usage data for Packer Decoder, Log Decoder and Malware Analysis, see the Metered Licenses Tab topic in the Licensing Guide. The information is collected to improve future releases of NetWitness Suite. You will automatically be signed on to live feedback and you cannot disable this option.
In addition to this, information on the Live Content Usage can also be shared with RSA. Live Content usage metrics for resource types from CONFIGURE > Live Content > Search Criteria such as total count of RSA Application Rule, RSA Correlation Rule etc. can be shared with RSA. The information collected is used to improve the use of Live Content. For more information about sharing live content configuration, see Live Services Configuration Panel.
About Live Feedback Participation
When you participate in Live Feedback, it collects relevant information for further improvement. For information on Live Feedback, see Live Feedback Overview.
When you install NetWitness Suite, you will be prompted to participate in Live Feedback. For information, see Configure Live Services Settings
If needed, you can manually download historical usage data and share it with RSA. For information on how to download historical usage data and share it with RSA, see Upload Data to RSA for Live Feedback.
The Live Feedback data is in JSON format as mentioned below. When you sign up with your Live Account credentials, a single encrypted JSON file is automatically uploaded to the RSA servers everyday.
The JSON file consists of usage data information for a component or a set of components. In case of a set of components with the same license id, the usage data for all the components is aggregated and represented as a component called Entitlement. However, even if there is a single component such as a log decoder or decoder, an Entitlement component will be generated and will display the usage data for a single component. This aggregation is for components namely log decoders, decoders or malware analysis.
For example, if there are three Decoders with the same license id "xxx" with the following usage data:
Decoder1 = 150 MB
Decoder2 = 250 MB
Decoder3 = 100 MB
The aggregated usage data of 500 MB is displayed.
This JSON file is described in the following sections:
- Other Product Details
Details of each service in your NetWitness Suite deployment. This is represented as Component. For each component the following details are displayed.
Metrics of the components (hosts) such as log decoder, decoder and malware analysis. The license usage data for each host is shared. For Live Content usage metrics, resource types from CONFIGURE > Live Content > Search Criteria such as total count of RSA Application Rule, RSA Correlation Rule etc. are shared.
Other Product Details
- Product Type - This is the name of the product. In this example, the Product Type is NetWitness Suite.
- Version - This is the version of the JSON file which tracks the changes made to the file format.
- Product Instance - This is the License Server ID.
- Checksum - This is the information which is used for integrity checks.
The following table describes details of the JSON file with examples.
The JSON file includes details of all the licenses currently available on the appliance. Here is a sample of the Entitlement information within the JSON file for a service based license for Broker.
For Endpoint, WinHosts, LinuxHosts and MacHosts metrics are displayed which indicate the number of agents deployed. Here is a sample of the Endpoint metrics within the JSON file.