This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Platform Online Documentation
Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Versions
Collections
All Downloads

Table of Contents

Product Resources

Manage Custom Content

NetWitness introduces the new My Content option, which allows users to upload, delete, and download custom content from the Live UI. Custom content refers to any content created by users using NetWitness, such as Log Devices, Event Stream Analysis rules, parsers, feeds, etc. Using this capability, users can facilitate the exchange of useful and relevant content among users and reduce the time and effort required to publish content through content development teams. Users can choose from a range of content options that suit their needs and use cases.

125_MyContent.png

Users can perform the following tasks on the My Content tab:

Upload Custom Content

The NetWitness Live My Content tab allows you to upload your own custom content, such as Log Device and Event Stream Analysis, in the Live UI portal. Upon upload, NetWitness Live processes each piece of content, which is displayed in a table that displays the type, the name of each content, the created date, industry sector, platform version, and one of the following content statuses:

  • Under Review: The content is uploaded successfully and submitted for review.

  • Published: The NetWitness Live successfully processed and published the uploaded content.

  • Rejected: NetWitness Live could not process the uploaded content. The uploaded content contains invalid data, formatting errors, or malicious data.

    Note: If the uploaded content file is rejected, check if the file contains any errors, fix them, and do one of the following:
    - You can delete the existing rejected content file from the UI and upload the rectified content file. Follow steps 1- 12.
    - You can upload the rectified content file with a different name.

  • Failed: NetWitness Live could not process the uploaded content. The upload failure could be due to a network outage or technical error.

Note:
- Users will receive an email notification and feedback from NetWitness Live, either approving or rejecting their submission.
- Only the content that is in a published state will be available for the users to download.

To Upload Custom Content

  1. Log in to NetWitness Live using your Live account credentials.

  2. Navigate to the My Content tab.

  3. Click Upload Content.

    The Upload Community Content dialog is displayed.

    125_Upload1.png

  4. Under the Identify Content section, provide the following details:

    1. Resource Types: Select the required resource type from the drop-down list. The available options are Log Device and Event Stream Analysis.

    2. Under the Content file upload area, click and browse to the file that you want to upload, select the file, and then click Open.

      The format of a file depends on the type the user selects.

      • For Log Device content, the supported file formats are xml, zip, and .envision.

      • For ESA content, the supported file format is .esaa file exported from the NetWitness Platform UI ESA Rule Builder with no extension.

      Note:
      - NetWitness Live recommends not to upload zipped files that contain more than one content file for Log Device. This will cause the upload to fail. Currently, NetWitness Live only supports uploading single content files.
      - The maximum file size allowed for upload is 10 MB.

    3. Name: Enter a unique name to identify or label the content.

      File name must not contain special characters or spaces.

    4. Description: Enter a brief description of the content.

    5. Under Provide contributor details, do one of the following:

      • Select the checkbox Use Account owner name and email address. NetWitness Live will automatically populate the relevant fields with the administrator user's live account details.

      • Provide the name and email address of the contributor in the Contributor Name and Email Address fields.

  5. Click Upload and Continue.

  6. Under the Define Content section, provide the following details:

    Note: Only the Industry field is mandatory, and other fields are optional.

    1. Medium: Select one or more mediums from the drop-down list. The available options are packet, endpoint, log, and log and endpoint.

    2. Risk: Select the required risk from the drop-down list. The available options are High, Medium, and Low.

    3. Tags: Select one or more meta tags from the drop-down list to describe the content type. For example, malware analysis.

    4. Tactics: Select one or more MITRE ATT&CK Tactics from the drop-down list. After selecting the tactics, you will be allowed to choose the appropriate techniques. For example, Command and Control: TA0011.

    5. Techniques: Select one or more MITRE ATT&CK Techniques from the drop-down list. For example, Data Obfuscation: T1001.

    6. Minimum Platform Version: Select the NetWitness platform version from the drop-down list. Ensure that the custom content being uploaded is compatible with the minimum required NetWitness platform version. For example, 12.5.

    7. Industry: Select the required industry from the drop-down list to see the custom content relevant to that industry. For example, Communications.

  7. Click Save and Continue.

    125_Details.png

    A preview of the list appears, displaying the first 15 items.

  8. (Optional) Under the Add Dependency section, you can select the existing NetWitness content available in the list, add it as a dependency, and additionally sort and filter the required content:

    1. Sort the contents based on the following options from the drop-down list: Name (Ascending), Name (Descending), Created (Oldest), and Created (New).

    2. In the search field, enter the required content name or keywords and click Search. The required contents will be displayed.

      Note: Click the clear button to remove any text typed in the search field.

    3. Select one or more contents from the available list and click Save and Continue.

      125_Sort_MYContent.png

      Note:
      • You can navigate between pages using the page navigation options and view all the contents seamlessly.
      • You can select the number of content entries per page using the drop-down list. By default, 15 rows are displayed per page. However, you can modify the number of rows displayed per page.
      • You can use the scroll bar to navigate through the list of contents.

  9. Under the Review And Confirm section, review the content details.

  10. Click Back to return to the previous view. You can then edit any of the details you want to modify.

  11. Click X to close the dialog.

  12. Select the Terms and Conditions checkbox and click Save and Upload.

     

Delete Custom Content

You can delete content if the content type is no longer valid. However, you can delete only the content that you have uploaded.

Note:
• Deleting this content will remove the content permanently and cannot be restored. This action will also impact any other content that uses it as a dependency.
• You can only delete one content file at a time.

To delete the content

  1. Select the content that you want to delete and click Delete Content.

    125_Content.png

    A confirmation message is displayed.

  2. Click Delete.

    This permanently removes the content from the NetWitness Live.

Download Custom Content

You can download any published content from the results displayed in the My Content tab.

Note: NetWitness provides no assurances about the quality and accuracy of the content beyond the author's assurances.

To download the content

  1. Click the name of the content that you want to download.

    The Content Details dialog is displayed.

    125_Download.png

  2. Select the Terms and Conditions checkbox and click Download.

    The content file is downloaded.

Labels (1)
Labels:
0 Likes
Was this article helpful? Yes No
No ratings

On this page

© 2022 RSA Security LLC or its affiliates. All rights reserved.