NetWitness Event Sources

Event sources are network sources that send information about events to the NetWitness. They can be physical devices, such as laptops, network switches or firewall, and virtual or cloud-based applications, such as VMware. For example:

  • An Apache HTTP Server
  • Amazon Web Services CloudTrail
  • A Barracuda Web Application Firewall
  • A connection to Dropbox
  • An Oracle Database
  • A VMware vCenter Server

You first configure all of your event sources so that they can communicate with the NetWitness. NetWitness provides configuration guides for many common event sources, using a variety of collection methods (such as Syslog or file collection). After you have your event sources configured, use the information in this guide to manage them going forward.