William Hart

Latest NetWitness Investigator Freeware Client

Discussion created by William Hart Employee on Aug 22, 2016
Latest reply on Aug 24, 2016 by William Hart
Welcome NetWitness Fans!
In case you have not heard, we just posted the latest revision of the NetWitness Investigator Freeware client. This is also an update to the Security Analytics 10.5 enterprise client to NetWitness 10.6.1, since the enterprise and freeware clients are now one and the same.
The Freeware client is intended to provide access to the greater community to support users who need an open-source or free solution in certain environments, and to allow users to try out NetWitness to get familiar with how to write rules, execute queries, and test custom content. Investigator is certainly powerful in its own right but is one piece of the RSA NetWitness suite that helps analysts detect and analyze threats in enterprise networks.
The main highlights for this release:
  • Updated NetWitness libraries to 10.6.1
  • Freeware & Enterprise in a single Windows 64-bit client
  • Includes a few unencrypted sample Lua parsers
  • New MSI Installer
  • Freeware:
    • Automated registration process
    • RSA Link Community section for support - located here: RSA NetWitness Investigator
    • Limited to packet capture and import
    • Limited by 25 2GB storage collections
  • Enterprise:
    • No registration required by connecting to an enterprise device
    • Lua parser content available from Live
    • Can connect to packet and log devices
    • Limited by 100 1TB storage collections
