This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to Extract Incident and Alert Data using the NetWitness Respond API

Article Number

000003239

Applies To

NetWitness Product Set: NetWitness Logs and Packets
NetWitness Product/Service Type: Admin Server, Respond, ESA Primary
NetWitness Version/Condition: 12.3+
Platform: CentOS, AlmaLinux

Issue

A user would like a way to retrieve Respond Incident and Alert data via the API so it may be stored or manipulated outside of the NetWitness Platform.

Resolution

Manual Method (step by step):
  • Obtaining the accessToken using Administrator credentials:
    • Using the CURL command and existing Admin credentials, run the following command to obtain an access token:
    •  curl 'https://192.168.5.168/rest/api/auth/userpass'  -k -X POST -H 'Accept: application/json;charset=UTF-8' -H 'Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1' -d  'username=admin&password=netwitness' 2>&1 | awk '/accessToken/' | cut -d ',' -f 3 | cut -d '"' -f 4
    • Items in BOLD need to be defined as follows using my example:
      • Admin Server IP Address (this can also be a FQDN that is resolvable) = 192.168.5.168
      • username = admin
      • password = netwitness
    • Example Output:

[root@NEW-NW11-NW-NODE-ZERO ~]# curl 'https://192.168.5.168/rest/api/auth/userpass'  -k -X POST -H 'Accept: application/json;charset=UTF-8' -H 'Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1' -d  'username=admin&password=netwitness' 2>&1 | awk '/accessToken/' | cut -d ',' -f 3 | cut -d '"' -f 4
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg

In the above Example, my accesToken in Bold is as follows:


eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg
  • Using that accessToken, plug it into the following URL and adjust the Bolded items:
    • curl https://192.168.5.168/rest/api/incidents/INC-29932 -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:<accessToken>
    • Example:

curl https://192.168.5.168/rest/api/incidents/INC-299362  -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg
  • Items in BOLD need to be defined as follows using my example:
    • Admin Server IP Address (this can also be a FQDN that is resolvable) = 192.168.5.168
    • Incident ID = INC-29932
    • accessToken = (bolded portion from above)
 Example Output (returned incident details also in BOLD) 

[root@NEW-NW11-NW-NODE-ZERO ~]# curl https://192.168.5.168/rest/api/incidents/INC-29932  -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg

{"id":"INC-29932","title":"Interactive Users for interactive_users","summary":null,"priority":"Medium","riskScore":30,"status":"New","alertCount":1000,"averageAlertRiskScore":30,"sealed":true,"totalRemediationTaskCount":0,"openRemediationTaskCount":0,"created":"2024-07-29T21:55:58.734Z","lastUpdated":"2024-07-29T21:55:58.734Z","lastUpdatedBy":null,"assignee":null,"sources":["Event Stream Analysis"],"ruleId":"60c0e4f909aad51015030a28","firstAlertTime":"2024-07-19T18:27:50.073Z","categories":[],"journalEntries":null,"createdBy":"Interactive Users","deletedAlertCount":0,"eventCount":1000,"alertMeta":{"SourceIp":[""],"DestinationIp":["","73.216.234.102"]}}[
 
  • To retrieve constituent alert details for the same incident, you can use this example and adjust the items in BOLD:
    •  curl 'https://192.168.5.168/rest/api/incidents/INC-29932/alerts?pageSize=5&pageNumber=0'  -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:<accessToken>
    • Example:

curl 'https://192.168.5.168/rest/api/incidents/INC-29932/alerts?pageSize=5&pageNumber=0'  -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg
  • Items in BOLD need to be defined as follows using my example:
    • Admin Server IP Address (this can also be a FQDN that is resolvable) = 192.168.5.168
    • Incident ID = INC-29932
    • Number of Alerts to retrieve = 5
    • accessToken = (bolded portion from above)
 Example Output (returned incident details also in BOLD): 

[root@NEW-NW11-NW-NODE-ZERO ~]# curl 'https://192.168.5.168/rest/api/incidents/INC-29932/alerts?pageSize=5&pageNumber=0'  -k -X GET -H 'Accept: application/json;charset=UTF-8' -H NetWitness-Token:eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTMxODc3NjAsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTcxODc3NjAsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.lm189BJvdMX-nG4NXJ_crea8ze81N7StfJ1--7jE1BnE2izu_rqGt4vPe9GMkGOqMYquLHlhFeMNYz73_CmoHRq65GE_ggNYGd-8xs0UKAw5BXWLT4HxVaK0v0suALkTnaghGHqMggMaEPDWYYdZPIapAhhb6DDMIMtjKijltemne_u55jCeYtjZ89iS11CgR5lIoUohsXz8Am-anmK0w5b5aXLTr7dPT3rq6OrHp_czax8OWCWUoNSYwKQnRk-OzyGDleCHyJ4InbTtP6rnmRxpi4XT0y5awb6BQaxmnQ2oWKPfbJc9aiCYTqf9kWLlH6stG7_F8dbdkIVWET8vWg


{"items":[{"id":"66a7f750a6043e114fb0e892","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:12.298Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"7ccc3524-5e03-48ad-9229-e6bbaa84dd37:50005","eventSourceId":"790821777"}]},{"id":"66a7f750a6043e114fb0e894","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:21.303Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"shop","emailAddress":"evanemail_src@email.com","adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"7ccc3524-5e03-48ad-9229-e6bbaa84dd37:50005","eventSourceId":"790821934"}]},{"id":"66a7f750a6043e114fb0e893","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:09.298Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120527"}]},{"id":"66a7f750a6043e114fb0e895","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:08.120Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120466"}]},{"id":"66a7f750a6043e114fb0e896","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:26.302Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120733"}]}],"pageNumber":0,"pageSize":5,"totalPages":200,"totalItems":1000,"hasNext":true,"hasPrevious":false}

Scripted Method
  1. Download the attached script and copy it to a Linux host that has HTTPS/SSL/443 access to the Admin Server/NW-NODE-ZERO:   nw_respond_inc-alert_call.sh
  2. Make the script executable with by running:
    1. chmod +x /root/nw_respond_inc-alert_call.sh
  3. Execute the script with the following variables (defined in BOLD below)
    1. /root/nw_respond_inc-alert_call.sh  192.168.5.168 admin netwitness INC-29932 5
      1. Admin Server/Node Zero IP: 192.168.5.168
      2. Username : admin
      3. Password: netwitness
      4. Incident ID: INC-29932
      5. Number of Alerts to retrieve: 5
  4. Once executed, the output will retrieve and print:
    1. The variables passed
    2. The accessToken
    3. The Incident by itself
    4. The alerts related to that incident (maxing out at the number of alerts you defined, so the actual number of alerts may exceed your definition)
Output: 

[root@NEW-NW11-NW-NODE-ZERO ~]# /root/nw_respond_inc-alert_call.sh  192.168.5.168 admin netwitness INC-29932 5

Variable Inputs : 


Admin Server IP = 192.168.5.168
Username = admin
Password = netwitness
Incident ID = INC-29932
Number of Alerts to Return = 5

Transient Access Token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MjQzOTU1MTM0MDUsImlzcyI6InNlY3VyaXR5LXNlcnZlci05MzUwZWZjZi02MmE0LTQzZmQtYjlmOC1lNGVlMDkwODQ4NDkiLCJpYXQiOjE3MjQzNTk1MTM0MDUsImF1dGhvcml0aWVzIjpbIkFkbWluaXN0cmF0b3JzIl0sInVzZXJfbmFtZSI6ImFkbWluIn0.hfu1ms355J7Gt4PmMxl1x8pmRStRvI_FCAq-haYMatY71xRytFbm8sw4bm2y8XzyVPw96f6dqA7i_77bv0N4YtUD0Lf1ug3IyKtQZ9rCdmPsYV8SwLLjfmgvEIW50wJqErsyMhLjCOxg48fhOnATLbP7_1LAAHVRSXUwYyee1VMzHabgsefOl7NbFBAoPrCqbuAAvLdW1LXFKMy-5I0V4bc5hwcs6BlC8CI2p7UjTSIlDSzgWCCNGg7Rmu319t_VV1RZVWkzhMDFNSqu57NFlfAYUSOkmU0Far6YuGx_EvQ4m6O7B7ypR4TL1PFE9yNUx8dA1dEX9MhOZInk1sxpQg


Retrieving incident details for INC-29932 :


{"id":"INC-29932","title":"Interactive Users for interactive_users","summary":null,"priority":"Medium","riskScore":30,"status":"New","alertCount":1000,"averageAlertRiskScore":30,"sealed":true,"totalRemediationTaskCount":0,"openRemediationTaskCount":0,"created":"2024-07-29T21:55:58.734Z","lastUpdated":"2024-07-29T21:55:58.734Z","lastUpdatedBy":null,"assignee":null,"sources":["Event Stream Analysis"],"ruleId":"60c0e4f909aad51015030a28","firstAlertTime":"2024-07-19T18:27:50.073Z","categories":[],"journalEntries":null,"createdBy":"Interactive Users","deletedAlertCount":0,"eventCount":1000,"alertMeta":{"SourceIp":[""],"DestinationIp":["","73.216.234.102"]}}

Retrieving 5 Alerts details for INC-29932 :


{"items":[{"id":"66a7f750a6043e114fb0e892","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:12.298Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"7ccc3524-5e03-48ad-9229-e6bbaa84dd37:50005","eventSourceId":"790821777"}]},{"id":"66a7f750a6043e114fb0e894","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:21.303Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"shop","emailAddress":"evanemail_src@email.com","adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"7ccc3524-5e03-48ad-9229-e6bbaa84dd37:50005","eventSourceId":"790821934"}]},{"id":"66a7f750a6043e114fb0e893","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:09.298Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120527"}]},{"id":"66a7f750a6043e114fb0e895","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:08.120Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120466"}]},{"id":"66a7f750a6043e114fb0e896","title":"interactive_users","detail":null,"created":"2024-07-19T18:28:26.302Z","source":"Event Stream Analysis","riskScore":null,"type":"Log","events":[{"source":{"device":{"ipAddress":null,"port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":null,"emailAddress":null,"adUsername":null,"adDomain":null}},"destination":{"device":{"ipAddress":"73.216.234.102","port":null,"macAddress":null,"dnsHostname":null,"dnsDomain":null},"user":{"username":"apols_vpn","emailAddress":null,"adUsername":null,"adDomain":null}},"domain":"NEW-NW11-NW-NODE-ZERO","eventSource":"d778b114-80f2-44bf-a75c-e59d035f4077:50002","eventSourceId":"671120733"}]}],"pageNumber":0,"pageSize":5,"totalPages":200,"totalItems":1000,"hasNext":true,"hasPrevious":false}

Notes

For additional information on using the NetWitness API, please refer to the NetWitness API Guide.
Attachments
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2024-09-24 02:19 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.