Access the RESTful API in NetWitness Platform

This topic describes how to enable the REST API in NetWitness Platform. The REST API must be enabled by setting /rest/config/enabled to on, which is the default. The default port for communication is the default port + 100 (for example, 50105 for a Concentrator), but that can be changed by setting the /rest/config/port parameter. SSL is controled by the setting in /sys/config/ssl.

Note: By default, the REST interface accepts BOTH SSL and Non-SSL connections on the REST port. By setting /sys/config/ssl to on, ONLY SSL connections will be accepted on the REST port.

To enable the REST port:

  1. In the NetWitness web user interface, go to netwitness_adminicon_25x22.png (Admin) > Services and select a service, for example, a Concentrator.
  2. In the Host column, click on the host name. The Hosts page opens, and the IP address of the host is displayed in the Host column. Make a note of the IP address.
  3. Note: If the IP address listed in the Host column is the same as the IP address of the NetWitness web UI, the API is not available for that service.

  4. Go to netwitness_adminicon_25x22.png (Admin) > Services, select the service, and then select View > Config. Under System Configuration, note the port number. You will use this port number as a basis for accessing the API, but you must add 100 to it. For example, if the port number is listed as 50005, you would enter 50105.
  5. In the browser, type the IP address of the service and append the port number to the IP address as shown here:
    http://<hostname or IP address>:<port>

    Note: The URL is HTTP, and not HTTPS.

  6. In the Authentication dialog, enter the user name and password and click Log in. The root node tree used by NetWitness is displayed:

(Optional) Configure Custom SSL Certificate for the REST Interface

IMPORTANT: As a security best practice, using self-signed certificates is not recommended.

Note: In version 11.6, custom certificates are not supported on Log Collector.

By default, NetWitness Platform provides certificates for all the NetWitness Platform Core Services. For example, Decoder uses the /etc/netwitness/ng/decoder_cert.pem certificate.

You can provide your own custom certificate (preferably issued by a certification authority) for the REST ports. The custom certificates must be in the OpenSSL PEM format. Perform the following steps to configure the custom certificates:

  1. Rename the custom certificate to <service name>_rest_cert.pem and upload it to /etc/netwitness/ng/. For example, decoder_rest_cert.pem.
  2. Rename the private key to <service>_rest_key.pem and upload it to /etc/netwitness/ng. For example, decoder_rest_key.pem.

Note: You can combine the certificate and the private key in a single file and name it as <service>_rest_cert.pem. For example, decoder_rest_cert.pem.

If custom certificates are not detected, the default NetWitness Platform certificates are used.