This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Whitelisting URLs to Limit False Positive

Gambit
New Contributor
New Contributor

‎2023-01-04 11:01 PM

Hi all, 

 

I've just started working with RSA NetWitness, with vulnerabilities alert through the roof (over 60k).

Most of these event are local hosts communicating with various Microsoft IPs.

Can I create a whitelist of such URLs/IPs?  If so how?

 

Thanks

1 REPLY 1

KaramveerSingh
Occasional Contributor Occasional Contributor
Occasional Contributor

‎2023-01-12 05:41 AM

Hi @Gambit 

 

You can use the context hub lists and use it in your ESA statement with Whitelist condition.

 

You can refer to below discussion:

https://community.netwitness.com/t5/netwitness-discussions/using-context-hub-lists-for-whitelisting-in-esa-rules/td-p/486807

 

Regards,

Kv

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.