This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

File exclude from Malware analysis?

JayWatson
Beginner
Beginner

‎2018-03-14 01:36 PM

I have recent deployment of NW Malware appliance and it is picking up an unusually high number of High Confidence events. Some of the files it has detected are in-house custom scripts or applications. Is there a way to exclude these files from being analysed and therefore creating events?

0 Likes
2 REPLIES 2

EricPartington
Employee
Employee

‎2018-03-14 01:44 PM

https://community.rsa.com/community/products/netwitness/blog/2016/12/23/malware-spectrum-whats-involved 

 

if you create an app rule to flag those items as content=spectrum.filter then they should be removed from the processing pipeline

 

https://community.rsa.com/docs/DOC-80755 

0 Likes

JayWatson
Beginner
Beginner

‎2018-03-14 05:25 PM

Thanks, seems so easy. Appreciate the response.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.