Packaging Resources

The primary use for creating and subsequently deploying a resource package is for customers using an air gap network environment. In this case, you create a resource package on the network that is connected to the internet, and then deploy the resource package on a more secure network.

Create and Deploy Resource Package Use Case

The basic steps are as follows:

  1. Access NetWitness Live Services using an instance that is connected to the internet.
  2. Create a Resource package as described below, adding whichever content items you need.
  3. Copy the ZIP archive of the packages to your secure NetWitness instance, by using a thumb drive or other manual copying process.
  4. On the secure NetWitness instance, deploy the resource package. For more information, see Resource Package Deployment Wizard.

Prerequisites to Create a Resource Package

A prerequisite for creating resource packages is configuration of the connection and synchronization between the CMS server and NetWitness and the ability to search for resources in the User Interface.

Creating a Resource Package

The following procedure describes how to create a resource package, as a ZIP archive and save it to your local file system.

To create a resource package:

  1. Go to netwitness_configureicon_24x21.png (Configure) > Live Content from the NetWitness UI.
  2. Select the resources that you want to package in the Matching Resources grid.

    netwitness_121_searchresultslc_1122.png

  3. Select some or all the resources that are listed in the Matches Resources pane.
  4. Select netwitness_packagebtn_70x16.png > Create.

NetWitness creates a .zip archive that contains the selected resources and downloads it to your default download folder. NetWitness gives the package a generic name. You should rename it when you save it so that it identifies the resources contained in the package.

Creating Threat Package

The following procedure describes how to create a resource package that contains all the content that is categorized as Threat. Then we rename it, using the type of content and date.

  1. Go to netwitness_configureicon_24x21.png (Configure) > Live Content.
  2. From the Category section, select Threat.
  3. Select all items returned by clicking on the checkbox in the column header row of the Matching Resources pane.

    netwitness_121_threatcontentselected_1122_2428x1375.png

  4. Select netwitness_packagebtn_70x16.png > Create.

    A ZIP archive is saved to your Downloads folder. For example, resourceBundle8740753704980701969.zip.

  5. Rename the package to something meaningful. For example, in this case, you cold change the package name to threatResourceBundle_2018_01_31.zip (assuming today's date is January 31, 2018).

The resource package is now available for later deployment.

Deploying a Threat Package

This procedure assumes that you saved a package named threatResourceBundle_2018_01_31.zip, as described in the previous section. It describes how to deploy a saved resource package

  1. Go to netwitness_configureicon_24x21.png (Configure) > Live Content.
  2. In the Matching Resources pane, select netwitness_packagebtn_70x16.png > Deploy.
  3. Click Browse and navigate to the threatResourceBundle_2018_01_31.zip file that were created earlier.

    netwitness_threatpackageselected.png

  4. Click Next.

    The Resources page displays details for the resources in the package.

  5. Click Next.

    The Services page displays two tabs, Services and Groups, which provide a list of services and service groups that are configured in the netwitness_adminicon_25x22.png (Admin) > Services view. The columns are a subset of the columns available in the Services view.

  6. Select the services on which you want to deploy the content. You can select any combination of services and service groups.

    netwitness_deploymentservices.png

  7. Click Next.

    The Review page is displayed.

    Note: Make sure that you have selected correct resources and the services to which you want to deploy them.

  8. Click Deploy to complete the deployment process. Alternatively, you can choose Cancel or Previous to either cancel the deployment or go back to the previous screen.