Live: Packaging Resources

Document created by RSA Information Design and Development on Feb 9, 2018
Version 1Show Document
  • View in full screen mode

The primary use for creating and subsequently deploying a resource package is for customers using an air gap network environment. In this case, you create a resource package on the network that is connected to the internet, and then deploy the resource package on the more secure network.

Create and Deploy Resource Package Use Case

The basic steps are as follows:

  1. Access NetWitness Suite Live Services using an instance that is connected to the internet.
  2. Create a Resource package as described below, adding whichever content items you need.
  3. Copy the ZIP archive of the packages to your secure NetWitness Suite instance, by using a thumb drive or other manual copying process.
  4. On the secure NetWitness Suite instance, deploy the resource package. Details for this procedure are in Resource Package Deployment Wizard.

Prerequisites to Create a Resource Package

A prerequisite for creating resource packages is configuration of the connection and synchronization between the CMS server and NetWitness Suite and the ability to search for resources in the User Interface.

Procedure to Create a Resource Package

The following procedure creates a resource package, as a ZIP archive, which is saved to your local file system.

To create a resource package:

  1. Navigate to CONFIGURE > Live Content from the RSA NetWitness UI.
  2. Select the resources that you want to package in the Matching Resources grid.

    Matching Resources in grid view

  3. Select some or all of the resources that are listed in the Matches Resources pane.
  4. Select package button > Create.

NetWitness Suite creates a .zip archive that contains the selected resources and downloads it to your default download folder. NetWitness Suite gives the package a generic name. You should rename it when you save it so that it identifies the resources contained in the package.

Example: Create Threat Package

In this example, we create a resource package that contains all the content that is categorized as Threat. Then we rename it, using the type of content and date.

  1. Navigate to CONFIGURE > Live Content from the RSA NetWitness UI.
  2. From the Category section, select THREAT.
  3. Select all items returned by clicking on the checkbox in the column header row of the Matching Resources pane.

  4. Select package button > Create.

    A ZIP archive is saved to your Downloads folder. For example,

  5. Rename the package to something meaningful. For example, in this case, you cold change the package name to (assuming today's date is January 31, 2018).

The resource package is now available for later deployment.

Example: Deploy Threat Package

Continuing the previous example, we deploy the resource package that we created.

  1. Navigate to CONFIGURE > Live Content from the RSA NetWitness UI.
  2. In the Matching Resources pane, select package button > Deploy.
  3. Click Browse and navigate to the file that we created earlier.

  4. Click Next.

    The Resources page is displayed, showing details for the resources in the package.

  5. Click Next.

    The Services page displayed has two tabs, Services and Groups, which provide a list of services and service groups that are configured in the Admin > Services view. The columns are a subset of the columns available in the Services view.

  6. Select the services to which you want to deploy the content. You can select any combination of services and service groups.


  7. Click Next.

    The Review page is displayed.

    Make sure that you have selected correct resources and the services to which you want to deploy them.

    Click Deploy to complete the deployment process. Alternatively, you can choose Cancel or Previous to either cancel the deployment or go back to the previous screen.
Previous Topic:Remove a Feed
You are here
Table of Contents > Additional Procedures > Packaging Resources