You can configure the Endpoint Metadata for the NetWitness Endpoint 220.127.116.11 in one of the following ways:
- (Option 1) Integrate the NetWitness Endpoint 18.104.22.168 Console Server to an Endpoint Hybrid or Endpoint Log Hybrid - The NetWitness Endpoint 22.214.171.124 or later agents data will be available in the Investigate > Hosts and Files view, and you can view the Endpoint metadata in the Investigate > Navigate and Event Analysis view. For this option, make sure the Endpoint sever is configured for meta forwarding.
- (Option 2) Integrate the Meta Integrator service in the NetWitness Endpoint 126.96.36.199 directly to a Log Decoder - You can view the Endpoint metadata in the Investigate > Navigate and Event Analysis view. The NetWitness Endpoint 4.4 agents data will not be available in the Investigate > Hosts and Files view.
In addition to the categories mentioned for the NetWitness Endpoint 11.1 agents, the following categories are also forwarded for the NetWitness Endpoint 188.8.131.52 or later agents - File event, Network event, Registry event, and Process event.
Configuring the NetWitness Endpoint 184.108.40.206 Console Server
Configuring the Client Certificate on the NetWitness Endpoint 220.127.116.11 Console Server (for Option 1)
The NetWitness Endpoint 18.104.22.168 Console Server must use the same client certificate that the NetWitness Endpoint 11.1 agents use to forward the metadata to the Endpoint Server.
- Download the agent packager. For more information, see Endpoint Insights Agent Installation Guide.
- Extract AgentPackager.zip and from the Config folder, obtain the client certificate.
- Copy the client certificate to the NetWitness Endpoint 4.4 Console Server.
- Double-click on the client file.
The Certificate Import Wizard dialog is displayed.
- Select the store location as Local Machine and click Next.
- Browse the file you want to import and click Next.
- Click Next and Finish.
The certificate is listed under Personal, Intermediate Certificate Authorities > Certificate and Trusted Root Certification Authorities in the Console Server.
Enabling the Metadata Forwarding in the NetWitness Endpoint 22.214.171.124 (for Option 1)
To enable the metadata forwarding for the selected NetWitness Endpoint 126.96.36.199 agents, run the following command:
For example, ConsoleServer.exe /nw-investigate set-endpointdecoder baseuri https://<Ip Address>:443 certificate rsa-nw-endpoint-agent
Enabling the NetWitness Endpoint 188.8.131.52 Meta Forwarding to the Log Decoder (for Option 2)
To enable the Metadata Integrator service for the selected NetWitness Endpoint 184.108.40.206 agents, run the following command:
ConsoleServer.exe /nw-investigate enable.
Enabling Machines to Forward Metadata from the NetWitness Endpoint 220.127.116.11 to the NetWitness Endpoint Server (for Option 1 and 2)
After you enable the Metadata Forwarding using any one of the above options, perform the following to enable the machines to forward metadata.
- Open the NetWitness Endpoint 18.104.22.168 user interface.
- Click Machines from the left panel. The list of available machines are displayed.
- Select machines for which you want to forward metadata to the NetWitness Endpoint Server.
- Right-click and select the NetWitness Investigate option.
The Change NetWitness Investigate Status dialog is displayed.
- Select the Enable NetWitness Investigate option.
- Click Apply.
- To verify if the Enable NetWitness Investigate option is enabled, repeat step 4.