NetWitness Platform Online Documentation

Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.

Options

Subscribe to RSS Feed

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

Versions

Collections

All Downloads

Configure FeedsConfigure Feeds

NetWitness uses feeds to create metadata based on externally defined metadata values. A feed is a list of data that is compared to sessions as they are captured or processed. For each match, additional metadata is created. This data could identify and classify malicious IPs or incorporate additional information such as department and location based on internal network assignments. Some examples of feeds include threat feeds to identify BOTNets, DHCP mappings, or even Active Directory (AD) information such as physical location or logical department.

You can use the Live module in NetWitness to obtain feeds from outside sources. "Live Content in NetWitness" in the Live Services Management Guide provides an overview of the Live content management tool.

Within the NetWitness user interface, you can view the list of currently deployed feeds, along with an indicator if a feed that originated from Live was installed through NetWitness or manually. Feeds can be added, removed, and updated while a Decoder is running without affecting capture.

NetWitness Community

Table of Contents

Product Resources

Configure FeedsConfigure Feeds

On this page