Hello, my corporation owns a huge deployment of RSA NetWitness where we store logs and packets. I've been a user of the platform for several years, but now I've been asked to jump in and help with parsing and alerting duties. We do have a lab setup, but it's for staging and the engineers who support it don't want to "mess it up". Is there a solution to get a smaller environment going with either some VMs or Docker containers where I can practice configuration, ingestion, parsing, ESA and alerting on my own corporate asset or a smaller ESX environment?
Hi, Jason.
You should be able to build what you're looking for by using this blog post as a reference:
https://community.rsa.com/community/products/netwitness/blog/2019/09/13/tips-to-build-small-netwitness-virtual-hosts
Best,
Fink