Skip navigation
All Places > Products

RSA NetWitness Platform

Log in to follow, share, and participate in this community.

Recent Activity

Massimiliano Crescenzi
Click to view contentHello community, I am new to using the RSA NetWitness product. I started reading the ESA Rule documentation to try create a custom correlation but I have problems. (Version Product 11.4.0.0) I create a ContextHub List containing malicious hash (SHA256). I add the CH list in ESA Rule tab --> Settings --> Enrichment Souces After this I created… (Show more)
in RSA NetWitness Platform
Leonard Chvilicek
Click to view contentOverview If you are looking at retention requirements for compliance, making decisions about the architecture, or to retain a decent investigation history, NetWitness retention is always at the top of these discussions.  As we all find out over time, retention is something that needs to be monitored for trends so informed decisions can be made to… (Show more)
in RSA NetWitness Platform
Matteo Zaccagnino
Hi everyone, I am experiencing problems with an ODBC event source in the Log Collector. The event collection was fine until this morning when I saw that the ODBC Event Source was looping back and forth between two different timestamps (the following is the result of tail /var/log/messages | grep XXX): Jan 19 09:50:20 hostname… (Show more)
in RSA NetWitness Platform
Jeremy Kerwin
I'm looking to write a few python scripts to use as notifications for an external system (mainly TheHive). I'd like to use TheHive4Py library as part of that script and I'd like to know if there will be any issue if I install the Python library TheHive4Py in NetWitness Thanks.
in RSA NetWitness Platform
David Pelletier
Hi,     We're having an issue with the winevent_nic log parser, specifically the fact that it can't process French server logs properly.  For instance:     Audit Success would translate in French as 'Succès de l'audit' in the logs.  However, putting both 'Succès de l'audit' or 'Succès de l’audit' won't allow the parser tool to… (Show more)
in RSA NetWitness Platform
John Snider
NOTE:  Updated to support 11.4.1.2Scenario You need to remotely backup your NetWitness hosts to a central location, to satisfy Disaster Recovery Requirements, perform a Tech Refresh, or to be prepared for RMA replacement of a device. Solution – A Wrapper script for NRT Building off the framework of the original nw-backup scripts written for 10.x…
in RSA NetWitness Platform
Yacine BERREZOUG
Hello,   I have a parsing issue with the following Linux log : <37>Jan  4 19:56:01 hostname PAM-unixteam[2373]: pam_sm_acct_mgmt(service=crond, terminal=cron, user=root, ruser=UNDEF, rhost=UNDEF) This log is not matching rhlinux devices type and is parsed as unknown. By removing syslog PRI in the header : Jan  4 19:56:01 hostname… (Show more)
in RSA NetWitness Platform
Tommy Mendez
Hello,   I need to know if this is the correct link that show me how to create a STIX report Decoder: Create a STIX Custom Feed, also I need to know if the lastest version of Netwitness (11.5.x) support STIX 2.0.
in RSA NetWitness Platform
Load more items