RSA NetWitness Platform

in RSA NetWitness Platform2 years ago (Show more)

RSA NetWitness Free Tech Huddle Webcasts

RSA NetWitness Tech Huddles are an ongoing series of online presentations that cover a wide range of technical topics specific to RSA NetWitness solutions, including detailed discussions and demonstrations of the latest features and offerings, how-to’s, tips and tricks, and more. Check the schedule below for upcoming topics. All RSA NetWitness…

2 commentsShow more activity

Modified by William Hart • 3 days ago

Kelly Ahlers

in RSA NetWitness Platform3 days ago (Show more)

Using Feeds to Whitelist Endpoint Rules

A question has come up a few times on how someone could exclude certain machines from triggering NetWitness Endpoint Agent alerts easily. This particular use case were their "Gold Images" which are used for deploying machines. As part of a bigger vision for other server roles & rules, a custom meta key was created called Server.Role to hold… (Show more)

Ray Blair in RSA NetWitness Platform3 days ago (Show more)

Mapping between log messages and Meta data

Where is the mapping defined between NetWitness and syslog messages? For example if I want to see a failed ssh login on a RedHat system I could look for the following in /var/log/messages: # type=USER_AUTH # $msg contains the following; ‘op=PAM’ exe=”/usr/sbin/sshd” res=failed # acct=username can identify who performed the ssh… (Show more)

1 replyShow more activity

Dave Glover

(to Ray Blair) 3 days ago (Show more Show less)

Ray The are parsers involved which normalize the data These parsers are located in /etc/netwitness/ng/envision/etc/devices For example with a Redhat failed login -> Jul 10 17:44:18 NW-HU unix_chkpwd[22684]: password check failed for user (root) Using the RedHat parser line matching the log message -> …

Actions

Ben Taratoot in RSA NetWitness Platform3 days ago (Show more)

How do I modify a parser to map meta differently?

First, I'm a beginner with Netwitness so forgive me if my terminology is slightly off. I'm using the default ZScaler NSS parser from RSA. It has been working for some time. I just need to make a slight change. Currently the urlclass in the raw log is not mapped to any meta (as far as I can tell). The category meta currently shows its value equal… (Show more)

1 replyShow more activity

Dave Glover

(to Ben Taratoot) 3 days ago (Show more Show less)

Ben If you want to reach out to me directly I can walk you through what you need to do. We can also examine what you have done so far. Dave

Actions

vladimir rydvanov in RSA NetWitness Platform2 weeks ago (Show more)

RSA NW 11.4 Language pack Release Notes

Hello! I can`t find document named RSA NetWitness Platform 11.4 Language Pack Release Notes.

1 replyShow more activity

vladimir rydvanov (to vladimir rydvanov) 3 days ago (Show more Show less)

I just need more precise about what languages added in 11.4 language pack. Thank you!

Actions

Shared by Denise Sposato

from RSA Archer Suite4 days ago (Show more)

RSA Webinar: Digiville DIY Spotlight - Adapt Compliance for Business Disruption, Thurs., July 23 @ 11:00 am EDT

Welcome to Digiville, the bustling city where risk and security leaders come together to manage digital risk and enable business transformation. In this episode of “Good Morning Digiville,” RSA Portfolio Strategist Steve Schlarman will take you on a subway tour of Digiville’s Compliance neighborhood. There, he’ll meet up with RSA Risk Strategist… (Show more)

Ernie Castro in RSA NetWitness Platform4 months ago (Show more)

Office 365 Log Collecting/Rules

I recently integrated Office 365 logs into NetWtiness. I installed all 5 parser packs and everything works fine. I want to set up dashboards and enable some rules and would like to know a good baseline to start. Has anyone made Office 365 dashboards? What do they display and what are some specific things to look for? Are my current… (Show more)

4 repliesShow more activity

Lawrence Khoo (to Ernie Castro) 4 days ago (Show more Show less)

Hi Ernie, yes I followed the Microsoft_Office365 guide from RSA but I don't see msoffice365 as event type. Ya, the test pass when I added the event source. Are there any more steps that you did that are not stated within the guide? My log collector's log are spamming messages like "[office365audit.office365] [processing] [WorkUnit] [processing]…

Actions

Stewart Gray in RSA NetWitness Platform5 days ago (Show more)

Reindexing new meta

I've included a new meta key under index-concentrator-custom.xml to be indexed (and be searchable). Is it possible to have this meta information available for historical / old log data and not just new data? There is a doc here Rebuilding the Index which talks about reindexing, but i'm not 100% sure if it applies to new meta / modified meta. I… (Show more)

3 repliesShow more activity

Michael McGillick

(to Stewart Gray) 5 days ago (Show more Show less)

Hello Stewart: For the older data prior to making the change, yes. Once configured, though, RSA Netwitness is great at helping you dig through what's important versus what is just noise - Like most strong advanced SIEM systems, that usually requires understanding what you have coming in and then tuning it to how it is going to be most useful to…

Actions

RSA Product Team mentioned RSA NetWitness Platform 5 days ago Show mention context

RSA is notifying all users of the scheduled End of Primary Support (EOPS) for RSA NetWitness Endpoint version 4.4.x

Prasanna Madhushanka in RSA NetWitness Platform5 days ago (Show more)

Error pop up when config checkpoint to RSA

Hi, We need to add our Checkpoint logs to RSA Engine. When we trying to pull cert in RSA event source following error occurred.Please help to resolve this matter. We followed attached guideline for the configurations.Please assist to solve this.Thanks!

RSA NetWitness Platform

Manage

Recent Activity