• Centralized Backup & Restore of NetWitness Version 11.2+  (A Wrapper Script for NRT)

    NOTE:  Updated to support 11.4.1.2Scenario You need to remotely backup your NetWitness hosts to a central location, to satisfy Disaster Recovery Requirements, perform a Tech Refresh, or to be prepared for RMA rep...
    John Snider
    last modified by John Snider
  • Interpreting Regex for IP range

    This document outlines the procedure to interpret the regex used for IP range in EPL syntax.   {1,3} represents 3 digit number [0-9] represents range number starting from 0 to 9   [0-9]{1,3} represen...
    Sravan Koneti
    last modified by Sravan Koneti
  • SNMP with Netwitness Appliances - SNMPv1,2 and 3 – Put it all together 11.x

    Updated for snmpv3: 01/14/2020 Updated for snmpv3: 06/01/2020 Updated for snmpv1,2: 08/10/2020 Scenario – You or your customer would like to link SNMP to the Netwitness for system monitoring purposes (Solarw...
    Thomas Jones
    last modified by Thomas Jones
  • RSA NetWitness® Platform Versions

    Click on a link below to visit the page for each product version. RSA NetWitness® Logs & Network | RSA NetWitness® Investigator | RSA NetWitness® Endpoint | RSA NetWitness® Orche...
    RSA Link Team
    last modified by Charan Rajakumar
  • RSA NetWitness Free Tech Huddle Webcast Replays

    Please find the upcoming Free Tech Huddle Webcast schedule here:  RSA NetWitness Free Tech Huddle Webcasts    PRESENTER / DATE TOPIC VIDEO REPLAY DOCUMENTATION Michael Gallegos - 05/29/2020 RSA N...
    Michael Gallegos
    last modified by Michael Gallegos
  • RSA NetWitness Free Tech Huddle Webcasts

    RSA NetWitness Tech Huddles are an ongoing series of online presentations that cover a wide range of technical topics specific to RSA NetWitness solutions, including detailed discussions and demonstrations of the late...
    Brian Dunphy
    last modified by Michael Gallegos
  • Threat Hunting with RSA - Heads Up and Hands On Virtual Event

      Ask 5 people what threat hunting is, and you'll get 6 different answers, because when it comes to threat hunting, it's still the Wild West.    This 2-hour Virtual workshop will cut through all of the ...
    Denise Sposato
    last modified by Siobhan Walsh
  • AWS Installation Guide for RSA NetWitness Platform 11.x

    RSA Product Team
    last modified by RSA Product Team
  • Heads Up Hands On Virtual Student Guide_6 22

    Student Guide
    Denise Sposato
    last modified by Denise Sposato
  • Heads Up Hands On Virtual Student guide

    Step # 2: Student Guide; Review Guide prior to event
    Denise Sposato
    last modified by Denise Sposato
  • iDRAC 9 Configuration and Maintenance Guide

    Summary This guide was developed to consolidate most iDRAC related configuration and maintenance tasks into a simple easy to use document that could be downloaded for local use.  Below is the list of topics cover...
    Leonard Chvilicek
    last modified by Leonard Chvilicek
  • Recover forgotten root password on CentOS 7

    Change Note: The attached script for changing passwords across all Netwitness hosts, has been updated due to changes in salt version in 11.4. Synopsis Normally resetting the root password is a simple task if you̵...
    John Snider
    last modified by John Snider
  • Recently Published Knowledge Base Articles for RSA NetWitness® Platform

    Date Range: Sunday, March 8th -- Saturday, March 14th   Article Title Author Last Published Date 000037370 - Install/Upgrade fails in RSA NetWitness Platform because Resolv::ResolvError: no address for a particul...
    RSA Link Team
    last modified by RSA Link Team
  • Parsing Suricata JSON logs with NW

    To successfully parse Suricata JSON logs via syslog collector we need to use LUA parser in NetWitness Log Decoder. Suricata LUA parser in this example is mapping only specific fields from JSON logs to metakeys. In ca...
    Miha Mesojedec
    last modified by Miha Mesojedec
  • Recently Published Knowledge Base Articles for RSA NetWitness® Endpoint

    Date Range: Sunday, December 22nd -- Saturday, December 28th   Article Title Author Last Published Date 000029763 - RSA NetWitness Endpoint RSA Live configuration error, Could not establish trust relationshi...
    RSA Link Team
    last modified by RSA Link Team
  • NetWitness Services List

    Hey NetWitness Users,      I recently received a pretty comprehensive listing of the various service names and locations of the NetWitness services!  I wanted to ensure I got this info out to the ...
    Robert Dredger
    last modified by Robert Dredger
  • VLC Load Balancing + Failover Video Files

    Naushad Kasu
    last modified by Naushad Kasu
  • ESA Notification script broken in version 10.6.6.1

    If you use notification scripts as part of your ESA rules and recently migrated to version 10.6.6.1 you may have noticed that the output notification "script" is not working any more but no worries, the solution to th...
    Alejandro Negron
    last modified by Alejandro Negron
  • Services on NW 11.x Admin Server

    Service Command  Log File Location Purpose Admin Server service rsa-nw-admin-server restart /var/log/netwitness/admin-server/admin-server.log The NetWitness Suite Administration Server (Admin server) is...
    Twinkle Lath
    last modified by Twinkle Lath
  • Refresh ESA Meta Key Schema

    Some customers have seen issues with their Meta Key References (meta key schema) after an upgrade of the ESA service. In the following screenshot, we see a clean version of the meta key schema -- however, in your envi...
    Naushad Kasu
    last modified by Naushad Kasu