RSA NetWitness Platform

Gianluca Chiappini in RSA NetWitness Platform1 day ago (Show more)

Hi, a customer has HPE devices that must forward security events in a format compatible with the RSA Netwitness platform. I have not found documentation relating to my customer's request. Could you help me to answer the customer? Many thanks Best Regards Gianluca

Josh Randall

in RSA NetWitness Platform2 days ago (Show more)

Identifying Multi-Valued Metas in the RSA NetWitness Platform

The concept of multi-valued meta keys - those which can appear multiple times within single sessions - is not a new one, but has become more important and relevant in recent releases due to how other parts of the RSA NetWitness Platform handle them. The most notable of these other parts is the Correlation Server service, previously known as the… (Show more)

Marco Meli

in RSA NetWitness Platform2 days ago (Show more)

Detecting Living-Off-The-Land tactics with the RSA NetWitness Platform

What are LotL tactics? Living-Off-The-Land tactics are those that involve the use of legitimate tools for malicious purposes. This is an old concept but a recent growing trend among threat actors because these types of techniques are very difficult to detect considering that the tools used are whitelisted most of the time. A good list of… (Show more)

Dave Glover

in RSA NetWitness Platform3 weeks ago (Show more)

Log Parser tool on Linux

Currently the Log Parser Tool is built for Windows and Mac. Using Wine 4.x you can install and run the Log Parser tool on Linux (Mint and Ubuntu) To install and run the LPT on linux you need to follow the following instructions: Install Wine 4.x Download the Log Parser Tool MSI File Execute the following statement from where the msi… (Show more)

2 repliesShow more activity

Josh Randall

(to Dave Glover) 3 days ago (Show more Show less)

Can confirm this also works with wine 5.0

Actions

William Genest in RSA NetWitness Platform1 week ago (Show more)

Memory Metrics for ESA Rules in 11.x

Hi all, I want to find out which ESA rules are causing high memory usage problems. I found this documentation: Alerting: View Memory Metrics for Rules, but it was made for Security Analytics 10.6.5. I cannot seem to find a way to do this in Netwitness 11.x (particularly 11.3). Anyone know about this? Thank you and have a nice day.

2 repliesShow more activity

William Genest (to Josh Randall) 4 days ago (Show more Show less)

Thank you Josh for the information. Are these statistic for the last hour as they were in 10.6?

Actions

Varun Govindaraj in RSA NetWitness Platform5 days ago (Show more)

ESA Rule- How to avoid reiteration of notification in console

Hi, For the ESA Rule is there an option not to create additional notifications for certain time post first notification. For example lets take an alert logic where the requirement is to alert multiple failed login attempted by User A for 5 times in 2 minutes where in I could create rule logic but could not restrict in such a way that once alert… (Show more)

3 repliesShow more activity

Sravan Kumar Koneti

(to Varun Govindaraj) 4 days ago (Show more Show less)

Hi Varun Govindaraj, This will not impact performance of ESA. But, advances to avoid duplicate alerting.

Actions

Lee Kirkpatrick

in RSA NetWitness Platform1 week ago (Show more)

Around the Fire With Old Friends (CVE-2019–0604, and CVE-2017-0144)

In this post we will cover CVE-2019-0604 (https://nvd.nist.gov/vuln/detail/CVE-2019-0604), albeit a somehwhat older vulnerability, it is one that is still being exploited. This post will also go a little further than just the initial exploitation of the Sharepoint server, and use EternalBlue to create a user on a remote endpoint to allow lateral… (Show more)

Eric Crawford

in RSA NetWitness Platform5 days ago (Show more)

lost endpoint event alert details after 11.4 upgrade

Internal Use - Confidential Hi folks, Looking for some guidance troubleshooting an issue that cropped up in a training NW Endpoint environment after upgrading from 11.3.0.0 to 11.4. Looking at host details in the original 11.3, I see the historical alert details I need: In 11.4, this information is lost. Retention/group policies… (Show more)

Maxim Siyazov in RSA NetWitness Platform2 years ago (Show more)

NetWitness 11.x backup and restore procedure or script

I cannot seem to find any documentation or a script to perform a backup and restore of NW 11.x host's configurations. It must be hidden somewhere.

6 repliesShow more activity

John Snider

(to Maxim Siyazov) 5 days ago (Show more Show less)

The official documentation for NRT (Netwitness Recovery Tool): NRT: Disaster Recovery (Back Up and Restore) I wrote a wrapper to NRT that allows centralized backup of all hosts to the NW server or a remote SCP/NFS location Centralized Backup & Restore of NetWitness Version 11.2+ (A Wrapper Script for NRT)

Actions

RSA Product Team mentioned RSA NetWitness Platform 5 days ago Show mention context

RSA is notifying all users of the scheduled End of Primary Support (EOPS) for RSA NetWitness Platform version 11.3.x

RSA NetWitness Platform

Manage

Recent Activity