• Serial console on hardware appliances

    As a (network) engineer I am used to having serial console access to physical devices.   I noticed this is not enables by default on RSA Netwitness appliances. Notr is it anywhere documented here on RSA Link. &#...
    Hugo Van Der Kooij
    last modified by Hugo Van Der Kooij
  • Netwitness Log parser Tool

    Is there a new version of Log Parser Tool in the roadmap?   Actual version is 2 years old. RSA, a Dell Technologies business, announces the release of RSA® NetWitness Log Parser Tool v1.1   We commun...
    Isidore DESHAIES
    last modified by Isidore DESHAIES
  • Filtering false positives from Alerts

    I'm interested in learning what would be best practice for filtering false alerts. We have a nwfeed file from a threat intel provider that maps IPs, domains and emails to threat actors.   An ESA alert is create...
    Jeremy Kerwin
    last modified by Jeremy Kerwin
  • Is Investigator freeware registration broken?

    See attached. I am trying to activate RSA NetWitness Investigator. Versions 10.6 and 11.4 throw three scripting errors and fail with 301 Moved Permanently during the freeware registration and activation process. A fre...
    Bryon G
    last modified by Bryon G
  • 10.6.5 Physical host instalation Guide

    Dear Team, we are in the need of the instalation guide for the RSA netwitness 10.6.5 we have gone through the documentation but not getting any clearity, we came accross virtual host instalation guide only. Can anyon...
    Anil Prabhakar
    last modified by Anil Prabhakar
  • Is the registration portal down?

    The url register.netwitness.com is not responding. 
    Ryan Rathbun
    created by Ryan Rathbun
  • where to find the status of JIRA ticket ARCHER-93694

    We cannot find the status of the JIRA Ticket ARCHER-93694 in our portal. With ref to Case no 01686003 JIRA ARCHER-93694 has been attached to the mentioned case, but it's not showing in the Engineering Requests tab. Pl...
    socuser .
    last modified by socuser .
  • is there any parser for IBM Identity and Access Management Solution?

    We have integrated the IBM IAM via syslog but there is no supported parser, appreciate if any one has this parser and can share it.
    Anas Bdeir
    last modified by Anas Bdeir
  • Error Message. Can not verificate

    I am trying to Make NetWitness Investigator work and I get the following( see below) can you help???       (i) 2020-Nov-09 16:15:02 [URL] cms.netwitness.com 443 1 (F) 2020-Nov-09 16:15:02 [Email Verifi...
    Marcelo Esquivel
    last modified by Marcelo Esquivel
  • can i add YARA roles to Netwetness V 11.4.1.2??

    hello   i'm trying to add some YARA roles to the netwitness 11.4.1.2, but i can find anything in web console, can i do it from command line?
    Ahmad Jabr
    created by Ahmad Jabr
  • REST API credentials

    configuring user access for REST API - lots of docs on accessing the REST API (ports etc), setting up credentials for access to the REST API not found. I need a dedicated user ID and credentials to provide access that...
    bill doyle
    last modified by bill doyle
  • Azure use cases

    Looking for Azure use cases for RSA Netwitness V11.4.0.0
    PCL SOC
    last modified by PCL SOC
  • How UEBA, SOAR, Threat Connect and ESA work together!

    Some point I need to know, we need to create rules on ESA, and based on that alert will be generated. But how UEBA will help ESA? I mean do we need to see UEBA for anomaly behavior/deviations then write rules on SIEM ...
    Md. Mahim Bin Firoj
    last modified by Md. Mahim Bin Firoj
  • Log Decoder Parser Synchronization

    RSA, Is there a way to auto sync parsers on Log Decoders? We are trying to load balance some of our VLCs and reconfigure some Log Decoders but curious if the parsers will be synchronized from LD to another. Please ad...
    Dwayne Fryer
    created by Dwayne Fryer
  • Report Distribution

    Is there a way that NetWitness can ingest a finished report via PDF or CSV from a third party system such as Guardium and then distribute that same report back out to destination emails? Please note that I am aware we...
    Dwayne Fryer
    created by Dwayne Fryer
  • RSA Netwitness supported SFP models at physical appliances

    Hello Guys;   We have RSA Netwitness Hybrid Packet physical appliance, what is the supported SFP models that can be used? Hardware setup guide mention only that the physical appliances support SFP SR 10 GB. if w...
    Mohammad Ennab
    last modified by Mohammad Ennab
  • Can NwConsole use tlogin for sdk commands?

    We are rolling out the new NwConsole fileHash feature across our packet sensors. For other scripts we used tlogin so we don't have to store a password in the script or config file. This does not seem to work for sdk c...
  • Error while perform migrate & upgrade via ISO

    Hi,   We are migrate and upgrade from 10.6.6 to 11.3, using ISO to boot, while entering the setup prompt have this error;   "mount : special device /dev/VolGroup00/root does not exist cp: cannot stat...
    Mohd Amri Razlan
    created by Mohd Amri Razlan
  • RSA Security Analytics wrong time

    Hello guys,   I have an issue with time between SA server, Log decoder and concentrator server. Let me explain, when I login to SA UI I see a mismatch time between all hosts.     When I checked the...
    Adolfo Sotelo
    last modified by Adolfo Sotelo
  • Is there a recommended key description line available for the meta value "sid"?

    I am receiving a Meta Overflown in Index Slice for the meta value “sid”.  When I review the index-concentrator-custom.xml and the index-concentrator.xml I do not see a meta value line for “sid&#...
    Jed Carter
    last modified by Jed Carter