Skip navigation
All Places > Products

RSA NetWitness Platform

Log in to follow, share, and participate in this community.

Recent Activity

Gianluca Chiappini
Hi,  a customer has HPE devices that must forward security events in a format compatible with the RSA Netwitness platform. I have not found documentation relating to my customer's request. Could you help me to answer the customer? Many thanks Best Regards Gianluca
in RSA NetWitness Platform
Josh Randall
Click to view contentThe concept of multi-valued meta keys - those which can appear multiple times within single sessions - is not a new one, but has become more important and relevant in recent releases due to how other parts of the RSA NetWitness Platform handle them.   The most notable of these other parts is the Correlation Server service, previously known as the… (Show more)
in RSA NetWitness Platform
Marco Meli
Click to view contentWhat are LotL tactics? Living-Off-The-Land tactics are those that involve the use of legitimate tools for malicious purposes. This is an old concept but a recent growing trend among threat actors because these types of techniques are very difficult to detect considering that the tools used are whitelisted most of the time. A good list of… (Show more)
in RSA NetWitness Platform
Dave Glover
Click to view contentCurrently the Log Parser Tool is built for Windows and Mac.     Using Wine 4.x you can install and run the Log Parser tool on Linux (Mint and Ubuntu)   To install and run the LPT on linux you need to follow the following instructions:   Install Wine 4.x  Download the Log Parser Tool MSI File Execute the following statement from where the msi… (Show more)
in RSA NetWitness Platform
William Genest
Hi all,   I want to find out which ESA rules are causing high memory usage problems. I found this documentation: Alerting: View Memory Metrics for Rules, but it was made for Security Analytics 10.6.5. I cannot seem to find a way to do this in Netwitness 11.x (particularly 11.3). Anyone know about this?   Thank you and have a nice day.
in RSA NetWitness Platform
Varun Govindaraj
Hi,   For the ESA Rule is there an option not to create additional notifications for certain time post first notification. For example lets take an alert logic where the requirement is to alert multiple failed login attempted by User A for 5 times in 2 minutes where in I could create rule logic but could not restrict in such a way that once alert… (Show more)
in RSA NetWitness Platform
Lee Kirkpatrick
Click to view contentIn this post we will cover CVE-2019-0604 (, albeit a somehwhat older vulnerability, it is one that is still being exploited. This post will also go a little further than just the initial exploitation of the Sharepoint server, and use EternalBlue to create a user on a remote endpoint to allow lateral… (Show more)
in RSA NetWitness Platform
Eric Crawford
Internal Use - Confidential   Hi folks,   Looking for some guidance troubleshooting an issue that cropped up in a training NW Endpoint environment after upgrading from to 11.4.   Looking at host details in the original 11.3, I see the historical alert details I need:       In 11.4, this information is lost.  Retention/group policies… (Show more)
in RSA NetWitness Platform
Maxim Siyazov
I cannot seem to find any documentation or a script to perform a backup and restore of NW 11.x host's configurations. It must be hidden somewhere. 
in RSA NetWitness Platform
Load more items