In NetWitness, you can deploy selected resources manually, using the Deployment Wizard, or you can subscribe to a group of resources.

• When you have results from browsing resources in NetWitness Live, you can deploy resources manually to a service or a service group without subscribing to the resources. To deploy resources, select one or more from the list.
• Deploying resources manually deploys to services without taking advantage of the powerful resource management capabilities of NetWitness. If you want to receive notification and updates for updated resources and be able to easily remove resources from a service, you must subscribe to resources in the Live Search view and deploy them in the Live Configure View.
• If you have previously created and saved a resource package, you can deploy the package to services. Please refer to Resource Package Deployment Wizard for instructions on how to create a package.

Caution: For NetWitness 11.3, there is a new Content bundle for Endpoint, which contains approximately 400 application rules. Do not deploy this bundle (or the Endpoint application rules) onto any Log Decoder that is running an earlier version of NetWitness. The rules are only useful for 11.3 and newer, and would have major performance implications if deployed on Log Decoders that cannot process them.

To deploy resources manually:

1. Go to (Configure) > Live Content.

2. Select a group of resources, or a previously created resource package.

   To select a resource or group of resources:

   1. In the Live Search View, browse Live resources (for example, search for the Log Collector resource Type).

   2. In the Matching Resources panel, select Show Results > Grid.

   3. Select the checkbox to the left of the resources that you want to deploy.

      

   4. In the Matching Resources toolbar, click .

      

3. To select a resource package to deploy:

   1. In the Live Search view - Matching Resources toolbar, select Package > Deploy .
      

      The Package page of the Resource Package Deployment wizard is displayed.

      

   2. Click Browse and select a package from your network (for example resourceBundle-FeedsParsersContent.zip).

   3. Click Open.

      At this point, whether you are deploying a package or a group of resources, the Deployment Wizard opens, and the Resources page is displayed.

4. Click Next.

   The Services page displayed has two tabs, Services and Groups, which provide a list of services and service groups that are configured in the (Admin) > Services view. The columns are a subset of the columns available in the Services view.

   Note: The Live server is "smart" about deploying resources to Services. For example, it does not deploy resources that have a Medium of packets to any Log Decoders. This means that only applicable content resources are deployed to each Service.

5. Select the services on which you want to deploy the content. You can select any combination of services and service groups.

   • Use the Services tab to select individual services, list of services, and service groups that are configured in the (Admin) > Services view.
   • Use the Groups tab to select groups of services.

   

6. Click Next.

   The Review page is displayed.

   

   Make sure that you have selected correct resources and the services on which you want to deploy them.

7. Click Deploy.

   The Deploy page is displayed. The Progress bar turns green when you have successfully deployed the resources to the selected services.

   

   If you try to deploy resources and services that are not compatible, NetWitness displays the Errors and Retry buttons, which you can click to review the errors and re-attempt the deployment.

   

8. Click Close.