Skip navigation
All Places > Products

RSA NetWitness Platform

Log in to follow, share, and participate in this community.

Recent Activity

Jeremy Kerwin
We have a poorly coding internal application that keeps triggering the Endpoint ESA rule 'unsigned outbound from temp directory'   What would be the best way to whitelist this so it doesn't keep showing up in alerts in the respond module?
in RSA NetWitness Platform
Sean Ennis
Click to view contentWe are excited to announce the release of the new RSA OSINT Indicator feed, powered by ThreatConnect!     What is it? There are two new feeds that have been introduced to RSA Live, built on Open Source Intelligence (OSINT) that has been curated and scored by our partners at ThreatConnect: RSA OSINT IP Threat Intel Feed, including Tor Exit Nodes… (Show more)
in RSA NetWitness Platform
Josh Randall
Click to view content**UPDATE 22FEB2021** changing from 11.3 specific capabilities to more general, multi-version 11.x capabilities RSA Live Endpoint Content: Endpoint Content  NW-Endpoint Ports, Protocols, & Architectures: https://community.rsa.com/docs/DOC-83050#NetWitne   NW-Endpoint Quick Start Guide: NetWitness Endpoint Quick Start Guide for RSA NetWitness… (Show more)
in RSA NetWitness Platform
Csi Piemonte D-Soc
Good afternoon, we are getting the following error with the logs-packet: 2021-02-23 13:56:00,524 [ native-X.X.X.X-0] ERROR c.r.a.s.s.n.NwNativeAggregationSource|Source admin@X.X.X.X:X.logs-packets-sa-managed received an error java.lang.Exception: invalid language index 2021-02-23 13:56:01,211 [-managed-stream-subscription-0] WARN… (Show more)
in RSA NetWitness Platform
Csi Piemonte D-Soc
We are trying to build a esa rule named Compliance - Windows - WinAdmCSI Logins We want this rule to fire each time a Windows administrator logs in during not working hours.   This is the syntax of our rule: @RSAAlert() create context NotWorkingHours start (0, 18, *, *, *) end (0, 9, *, *, *); context NotWorkingHours SELECT * FROM     Event(… (Show more)
in RSA NetWitness Platform
Michael Gallegos
Click to view contentIntroducing RSA NetWitness Platform's support for AWS VPC Traffic Mirroring!   By partnering with AWS and integrating with their AWS VPC Traffic Mirroring, customers are able to access to the right virtual traffic and network metadata from AWS environments. The AWS VPC Traffic Mirroring allows users to capture and inspect network traffic to… (Show more)
in RSA NetWitness Platform
Uq1lws3RT39tp8reFD8y8NuuHaHt7KaBBIJDVDjgnPY=
Hi,   I would like to use the European "ETSI GS ISI" classification for incidents in the  Incident management solution (10.4).   How can I modify/add categories ?   I found that categories are store in the collection categories of the ESA mongodb but each categorie looks linked to a Java Object :   {     "_id" :… (Show more)
in RSA NetWitness Platform
Miguel Lallana
For Netwitness 11.5.2, what is the process to install certificates used for the console UI? We are looking to generate a CSR to be signed by our CA.
in RSA NetWitness Platform
Kelly Ahlers
Click to view contentShout out to @Casey Switzer, @Josh Randall & @Larry Hammond.  Without their help, the lab, configuration and operational considerations would not be possible.   Last year in RSA NetWitness 11.3, a new integration was introduced to allow NetWitness to integrate with RSA SecurID to populate high risk users from incidents in Respond.   @Josh Randall… (Show more)
in RSA NetWitness Platform
Josh Randall
Click to view contentOne of the more common requests and "how do I" questions I've heard in recent months centers around the Emails that the Respond Module can send when an Incident is created or updated.  Enabling this configuration is simple (https://community.rsa.com/docs/DOC-86405), but unfortunately changing the templates that Respond uses when it sends one of… (Show more)
in RSA NetWitness Platform
Load more items