AnsweredAssumed Answered

NetWitness REST interface syntax documentation/examples

Question asked by wvcain on Sep 18, 2014
Latest reply on Sep 19, 2014 by RSA Admin

Trying to get the REST interface into our NetWitness working.  Have read the doc, but can't seem to find the right doc to read.  Some example of full URLs to get data could be very helpfull as there is little debug info (by design) when you get it wrong, and I am getting it wrong.

 

Found the Python script and slides- handy but not getting joy.  Do love a good python script.

 

It's time for an example.  I want to get all the meta data for a time range between two ips  Via the GUI, it looks like this:

  • Src.ip = 198.238.111.52
  • Dst.ip = 23.6.166.45
  • startTime = 2014-09-17 13:47 
  • endTime = 2014-09-18 13:46

 


94965


In REST I am trying to use:  http://172.16.90.195:50105/sdk?msg=query&%22Select=*%20WHERE=%20time=%20%272014-09-17%2013:47%20-%202014-09-18%2013:47%2…


Of course I do not get any return beyond a 200.


I not this is a neub question, but I am a neub and believe I have done my research.  Perhaps some examples of "correct" requests would point me in the right direction-



Outcomes