This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

"View Web" - Investigator--web recreation

Go to solution
AdamRasnick
Beginner
Beginner

‎2013-11-19 04:15 PM

Has anyone else had a problem recreating pictures or websites inside the investigator module for 10.2 SP2?  I have been working on this for 2 weeks now and have not been able to figure out why we are not able to recreate any of the websites or pictures from websites.  I have also noticed that there are no files in the "View Files" option either.  However, there is not a configuration option in SA to restrict or allow these files downloaded or not....

 

I am confused why this is not working.  Has anyone else had this problem?

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
AdamRasnick
Beginner
Beginner
In response to RajbirYadav

‎2013-11-20 01:52 PM

Yeah, I have looked at the truncate options. I have spoken with some support contacts and we think the customer is caching at the webproxy, which will elimated the files and images coming through to SA. We are still working with the customer to double check this.

 

 

| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC

View solution in original post

0 Likes
2 REPLIES 2

Go to solution
RajbirYadav
Beginner
Beginner

‎2013-11-20 07:31 AM

If you are working with packet decoder then you can see attached file in "view files" or if you do not want to keep that file in decoder database then you can truncate the payload by applying truncate rule from app rule in packet decoder. i am not sure it is in N/W rule or in app rule, but its there. by applying truncate only header information will be saved as meta data rest of payload will be discarded.

0 Likes

Go to solution
AdamRasnick
Beginner
Beginner
In response to RajbirYadav

‎2013-11-20 01:52 PM

Yeah, I have looked at the truncate options. I have spoken with some support contacts and we think the customer is caching at the webproxy, which will elimated the files and images coming through to SA. We are still working with the customer to double check this.

 

 

| Adam Rasnick | Practice Consultant, RSA Professional Services| 423.833.9297| adam.rasnick@emc.com | RSA The Security Division of EMC

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.