NetWitness Platform Online Documentation
Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.

      •   Configure Lists as a Data Source
      •   Configure Archer as a Data Source
      •   Configure Active Directory Data Source
      •   Configure RSA EndPoint Data Source
      •   Configure Respond Data Source
      •   Configure File Reputation Server Data Source
      •   Configure STIX as a Data Source
      •   Configure RESTAPI as a Data Source
      •   Configure Data Sources Settings
      •   Import or Export Lists for Context Hub
      •   Manage Meta Type and Meta Key Mapping
      •   Context Hub Data Sources Tab
      •   Context Hub Lists Tab
      •   Context Hub STIX Tab
      •   Troubleshooting
    •   Malware Analysis Configuration
      •   How Malware Analysis Works
      •   Basic Setup
        •   Configure Malware Analysis Operating Environment
        •   Configure General Malware Analysis Settings
        •   Configure Indicators of Compromise
        •   Configure Installed Antivirus Vendors
        •   Enable Community Scoring
        •   (Optional) Configure Auditing on Malware Analysis Host
        •   (Optional) Configure Hash Filter
        •   (Optional) Configure Malware Analysis Proxy Settings
        •   (Optional) Register for a ThreatGRID API Key
      •   Additional Procedures for Configuring Malware Analysis
        •   Create Custom Alert in CEF Format
        •   Enable Custom YARA Content
      •   Supported Antivirus Vendors
      •   Malware Analysis References
        •   Services Config View - General Tab
        •   Services Config View - Indicators of Compromise Tab
        •   Services Config View - IOC Summary Tab
        •   Services Config View - Auditing Tab
        •   Services Config View - Hash Tab
        •   Services Config View - AV Tab
        •   Services Config View - Proxy Tab
        •   Services Config View - ThreatGRID Tab
        •   Services Config View - Integration Tab
    •   NetWitness Endpoint Configuration
      •   NetWitness Endpoint Overview
      •   Agent Modes
      •   Endpoint Server Configuration
      •   Deploy Endpoint Application Rules and ESA Correlation Rules
      •   Setup Meta Forwarding to Log Decoder
      •   Endpoint Sources
      •   Create Groups and Policies
      •   Manage Groups
      •   Manage Policies
      •   Change Policy Ordering for Groups
      •   Configure Data Retention Policy
      •   Manage Role Permissions at Endpoint Server Level
      •   Manage Inactive Agents
      •   Configure Retention Policy for Memory Dumps and MFT
      •   (Optional) Installing and Configuring Relay Server
      •   Endpoint YARA Rules
      •   Configure OPSWAT
      •   Integrate NetWitness Endpoint 4.4.0.2 or Later with NetWitness Endpoint 11.3
      •   Endpoint References
        •   General Tab
        •   Data Retention Scheduler Tab
        •   Packager Tab
        •   Relay Server Tab
        •   Endpoint Sources - Groups
        •   Endpoint Sources - Policies
      •   Troubleshooting
      •   Appendices
        •   Reset File Collection Bookmarks
        •   Supported File Log Event Source Types
        •   Specify UNC Paths
    •   Respond Configuration for Incident Management
      •   About this Document
      •   NetWitness Respond Configuration Overview
      •   Configuring NetWitness Respond
        •   Step 1. Configure Alert Sources to Display Alerts in the Respond View
        •   Step 2. Assign Respond View Permissions
        •   Step 3. Enable and Create Incident Rules for Alerts
      •   Additional Procedures for Respond Configuration
        •   Set Up and Verify Default Incident Rules
        •   Configure Risk Scoring Settings for Automated Incident Creation
        •   Configure Custom Respond Server Alert Normalization
        •   Configure Analyst UI for Respond Server Alert Normalization
        •   Configure Incident Email Notification Settings
        •   Set a Retention Period for Alerts and Incidents
        •   Obfuscate Private Data
        •   Manage Incidents in Archer Cyber Incident & Breach Response
        •   Configure the Option to Send Incidents to RSA Archer
        •   Configure Threat Aware Authentication
        •   Set a Counter for Matched Alerts and Incidents
        •   Edit the Incident Rules Export ZIP File
        •   Configure a Database for the Respond Server Service
      •   NetWitness Respond Configuration Reference
        •   Configure View
        •   Incident Rules View
        •   Incident Rule Details View
        •   Incident Email Notification Settings View
        •   Aggregation Rules Tab (11.0 and earlier)
        •   New Rule tab (11.0 and earlier)
    •   Reporting Configuration
      •   How Reporting Engine Works
      •   Configure Reporting Engine
      •   Configure the Data Sources
        •   (Optional) Add Workbench as Data Source to Reporting Engine
        •   (Optional) Add Archiver as Data Source to Reporting Engine
        •   (Optional) Integrate EndPoint Information Into Reports
        •   (Optional) Add Collection as Data Source to Reporting Engine
      •   Configure Data Privacy for Reporting Engine
      •   Configure Data Source Permissions
      •   Configure Reporting Engine Settings
        •   Enable LDAP Authentication
        •   Add Additional Space for Large Reports
        •   Managing Log File Parameters
        •   Configure Task Scheduler for a Reporting Engine
      •   How to Define Reports, Charts, and Alerts
      •   Configure Reporting Engine General Settings
      •   Reporting Engine Reference
        •   Reporting Engine General Tab
        •   Reporting Engine Sources Tab
        •   Reporting Engine Output Actions Tab
        •   Reporting Engine Manage Logos Tab
    •   Warehouse Connector Configuration
      •   How Warehouse Connector Works
      •   Install Warehouse Connector Service on a Log Decoder or Decoder
      •   Configure a Warehouse Connector Service
      •   Configure the Data Source for Warehouse Connector
      •   Configure the Destination
        •   Configure the Destination Using NFS
        •   Configure the Destination Using SFTP
        •   Configure the Destination Using WebHDFS
      •   Configure a Stream
      •   Monitor a Warehouse Connector
      •   Add Warehouse as a Data Source to Reporting Engine
      •   Analyze a Warehouse Report
      •   View the Warehouse Connector Service
      •   Troubleshoot the Warehouse Connector
      •   Manage a Stream
      •   Manage a Lockbox
      •   Warehouse Connector Configuration References
        •   General Tab Settings
        •   Appliance Service Configuration Tab Settings
        •   Sources and Destinations Configuration
        •   Add Stream Dialog
        •   Streams Configuration
        •   Lockbox Settings
    •   UEBA Configuration
      •   UEBA Configuration Overview
      •   UEBA Configuration
      •   UEBA Configuration Troubleshooting
    •   Service Configuration
      •   Introduction
      •   Admin-server Configuration
      •   Analysis-server Configuration
      •   Config-server Configuration
      •   Content-server Configuration
      •   Contexthub-server Configuration
      •   Correlation-server Configuration
      •   Endpoint-broker-server Configuration
      •   Endpoint-server Configuration
      •   Enrichment-server Configuration
      •   Integration-server Configuration
      •   Investigate-server Configuration
      •   Launch-framework Configuration
      •   License-server Configuration
      •   Metrics-server Configuration
      •   Node-infra-server Configuration
      •   No-op-server Configuration
      •   Orchestration-server Configuration
      •   Relay-server Configuration
      •   Respond-server Configuration
      •   Security-server Configuration
      •   Source-server Configuration
    •   System Security and User Management
      •   Set Up System Security
        •   Configure Password Complexity
        •   Change the Default Admin Passwords
        •   Configure System-Level Security Settings
        •   (Optional) Configure External Authentication
          •   Configure Active Directory
          •   Configure PAM Login Capability
        •   (Optional) Configure PKI Authentication
        •   (Optional) Use a Custom Server Certificate
        •   (Optional) Create a Customized Login Banner
      •   How Role-Based Access Control Works
        •   Role Permissions
      •   Manage Users with Roles and Permissions
        •   Review the Preconfigured NetWitness Platform Roles
        •   (Optional) Add a Role and Assign Permissions
        •   Verify Query and Session Attributes per Role
        •   Set Up Users
        •   (Optional) Map User Roles to External Groups
        •   Search for External Groups
      •   Set Up Multi-Factor Authentication
      •   Set Up Single Sign-On Authentication
        •   Configure Single Sign-On
      •   (Optional) Set Up Public Key Infrastructure (PKI) Authentication
        •   Configure PKI Authentication
          •   Import Server Certificate and Trusted CA Certificate
          •   (Optional) Configure the CRL Manually
          •   Enable PKI Authentication
        •   Disable PKI
        •   Delete Server Certificate and Trusted CA Certificate
      •   Troubleshooting
      •   References
        •   Admin Security View
        •   Users Tab
          •   Add or Edit User Dialog
        •   Roles Tab
          •   Add or Edit Role Dialog
        •   External Group Mapping Tab
          •   Add Role Mapping Dialog
          •   Search External Groups Dialog
        •   Settings Tab
        •   PKI Settings Tab
        •   Login Banner Tab
        •   Single Sign-On Settings Tab
    •   Data Privacy Management
      •   Data Privacy Overview
      •   Recommended Configurations
      •   Quick Start Procedures
        •   Prepare to Configure Data Privacy
        •   Configure the Recommended Data Privacy Solution
      •   In-Depth Procedures
        •   Configure Data Obfuscation
        •   Configure Data Retention
        •   Configure User Accounts for Use in Data Privacy
      •   Data Privacy References
    •   System Configuration
      •   System Configuration Overview
      •   Standard Procedures
        •   Access System Settings
        •   Configure Notification Servers
          •   Notification Servers Overview
          •   Configure the Email Settings as Notification Server
          •   Configure Script as a Notification Server
          •   Configure the SNMP Settings as Notification Server
          •   Configure a Syslog Notification Server
        •   Configure Notification Outputs
          •   Notification Outputs Overview
          •   Configure Email as a Notification
          •   Configure Script as a Notification
          •   Configure SNMP as a Notification
          •   Configure Syslog as a Notification
        •   Configure Templates for Notifications
          •   Configure Global Notification Templates
          •   Define a Template for ESA Alert Notifications
          •   Import and Export a Global NotificationsTemplate
        •   Configure Email Server and Notification Account
        •   Configure Global Audit Logging
          •   Configure a Destination to Receive Global Audit Logs
          •   Define a Template for Global Audit Logging
          •   Define a Global Audit Logging Configuration
          •   Verify Global Audit Logs
        •   Configure Centralized Audit Logging
        •   Configure Investigation Settings
        •   Configure Live Services Settings
          •   Live Feedback Overview
          •   Upload Data to RSA
        •   Configure Log File Settings
        •   Configure Syslog and SNMP Settings
      •   AdditionalProcedures
        •   Add Custom Context Menu Actions
        •   Configure NTP Servers
        •   Configure Proxy for Security Analytics
      •   Troubleshooting System Configuration
      •   References
        •   Global Audit Logging Configurations Panel
          •   Add New Configuration Dialog
          •   Supported CEF Meta Keys
          •   Supported Global Audit Logging Meta Key Variables
          •   Global Audit Logging Operation Reference
          •   Local Audit Log Locations
        •   Global Notifications Panel
          •   Define Notification Server Dialogs
          •   Define Notification Output Dialogs
          •   Define Notification Template Dialog
          •   Output Tab
          •   Servers Tab
          •   Templates Tab
        •   HTTP Proxy Settings Panel
        •   Email Configuration Panel
        •   Investigation Configuration Panel
        •   Live Services Configuration Panel
        •   NTP Settings Panel
        •   Context Menu Actions Panel
        •   Legacy Notifications Configuration Panel
    •   System Maintenance
      •   Overview
      •   Review Best Practices
      •   Health and Wellness
        •   Monitor Health and Wellness using NetWitness Platform UI
          •   Manage Policies
            •   Include the Default Email Subject Line
          •   Monitor System Statistics
            •   Filter System Statistics
            •   Create Historical Graph of System Statistics
          •   Monitor Service Statistics
            •   Add Statistics to a Gauge or Chart
            •   Edit Properties of Statistics Gauges
            •   Edit Properties of Timeline Charts
          •   Monitor Hosts and Services
            •   Filter Hosts and Services in the Monitoring View
            •   Monitor Host Details
            •   Monitor Service Details
          •   Monitor Event Sources
            •   Configure Event Source Monitoring
            •   Filter Event Sources
            •   Create Historical Graph of Events Collected for an Event Source
          •   Monitor Alarms
          •   Monitor Health and Wellness Using SNMP Alerts
          •   Troubleshooting Health & Wellness
        •   Monitor using New Health and Wellness
          •   Configuring Alert Notifications
            •   Adding Alert Notifications
            •   Suppressing Notifications
          •   Monitoring through Dashboards
            •   Creating Custom dashboard
          •   Monitoring through Alerts
            •   Creating Custom Monitors
            •   Adding Custom Trigger to an Existing Monitor
          •   Managing Dashboards and Alerts
          •   Managing Alert Notifications
          •   Advanced Configurations
          •   Backup and Restore New Health and Wellness
          •   Troubleshooting Health and Wellness
          •   Appendices
            •   New Health and Wellness Dashboards
            •   New Health and Wellness Monitors
            •   Uninstall New Health and Wellness
      •   Manage NetWitness Platform Updates
      •   Reissue Certificates
      •   DisplaySystem and Service Logs
        •   Access Reporting Engine Log File
        •   Search and Export Historical Logs
      •   Maintain Queries Using URL Integration
      •   Manage the deploy_admin Account
      •   NW Server Host Secondary IP Configuration Management
      •   Change Host Network Configuration
      •   Manage Custom Host Entries
      •   Configure FIPS Support
      •   Configure DISA STIG Hardening
      •   Troubleshoot NetWitness Platform
        •   Debugging Information
        •   Error Notification
        •   Miscellaneous Tips
        •   Troubleshoot Feeds
      •   Troubleshooting Cert-Reissue Command
      •   References
        •   Health and Wellness
          •   Health and Wellness View - Alarms View
          •   Event Source Monitoring View
          •   Health and Wellness Historical Graphs
            •   Historical Graph View for Events Collected from an Event Source
            •   Historical Graph View for System Stats
          •   Health and Wellness Settings View - Archiver
          •   Health and Wellness Settings View - Event Sources
          •   Health and Wellness Settings View - Warehouse Connector
          •   Monitoring View
            •   Archiver Details View
            •   Broker Details View
            •   Concentrator Details View
            •   Decoder Details View
            •   ESA Correlation Details View
            •   ESA Analytics Details View
            •   Host Details View
            •   Log Collector Details View
            •   Log Decoder Details View
            •   Malware Details View
            •   Warehouse Connector Details View
          •   Policies View
            •   Health and Wellness Email Templates
            •   NetWitness Platform Out-of-the-Box Policies
          •   System Stats Browser View
        •   New Health and Wellness Settings
        •   System View - System Info Panel
        •   System Updates Panel - Settings View
        •   System Logging - Settings View
        •   System Logging - Realtime View
        •   System Logging - Historical View
    •   Disaster Recovery Tool
      •   Disaster Recovery
      •   Disaster Recovery Azure
      •   Disater Recovery AWS
      •   Appendix A. Modify fstab for Series 5 and 6 Hybrid Storage After Recovery
  •   Investigate and Respond
    •   NetWitness Investigation
      •   How NetWitness Investigate Works
      •   Configuring NetWitness Investigate Views and Preferences
        •   Configure the Navigate View and Legacy Events View
        •   Configure the Events View
      •   Beginning an Investigation
        •   Begin an Investigation in the Navigate or Legacy Events View
        •   Begin an Investigation in the Events View
      •   Refining the Results Set
        •   Use Meta Groups to Focus on Relevant Meta Keys
        •   Use Columns and Column Groups in the Events List
        •   Use Query Profiles to Encapsulate Common Areas for Investigation
        •   Drill into Metadata in the Events View (Beta)
        •   Filter Results in the Events View
        •   Filter Results in the Navigate View
        •   Filter Results in the Legacy Events View
        •   Create a Query in the Navigate and Legacy Events Views
        •   Search for Text Patterns in the Navigate and Legacy Events Views
        •   View and Modify Queries Using URL Integration
      •   Reconstructing and Analyzing Events
        •   Examine Event Details in the Events View
        •   Analyze Events in the Events View
        •   Reconstruct an Event in the Legacy Events View
        •   Look Up Additional Context for Results
        •   Launch a Lookup of a Meta Key
        •   Launch a Malware Analysis Scan from the Navigate View
        •   Group Events from Split and Related Sessions in the Events and Legacy Events Views
        •   Visualize Metadata as Parallel Coordinates
        •   Visualize the Current Drill Point in Informer
      •   Downloading and Acting Upon Results
        •   Download Data in the Events View
        •   Export or Print a Drill Point in the Navigate View
        •   Export Events in the Legacy Events View
        •   Add Events to an Incident in the Events View
        •   Add Events to an Incident in the Legacy Events View
      •   Troubleshooting Investigate
      •   Investigate Reference Materials
        •   Add Events to an Incident Dialog
        •   Add/Remove from List Dialog
        •   Column Groups Dialogs
        •   Context Lookup Panel
        •   Create an Incident Dialog
        •   Events View
        •   Events View - Email Tab
        •   Events View - File Tab
        •   Events View - Host Tab
        •   Events View - Packet Tab
        •   Events View - Text Tab
        •   Investigate Dialog
        •   Investigation Tab - User Preferences Panel
        •   Investigate View
        •   Legacy Event Reconstruction View
        •   Legacy Events View
        •   Manage Default Meta Keys Dialog
        •   Meta Groups Dialogs
        •   Navigate View
        •   Query Dialog
        •   Query Profiles Dialogs
        •   Generate Springboard Panel Dialog
        •   Settings Dialogs for Investigate Views
    •   Malware Analysis
      •   Malware Analysis Functions
      •   Malware Scoring Modules
      •   Conducting Malware Analysis
        •   Begin a Malware Analysis Investigation
        •   Implement Custom YARA Content
        •   Examine Scan Files and Events in List Form
        •   Configure the Malware Analysis Summary of Events View
        •   Filter Dashlet Data in the Summary of Events View
        •   Upload Files for Malware Analysis Scanning
        •   View Detailed Malware Analysis of an Event
      •   Malware Analysis Reference Materials
        •   Malware Analysis View
        •   Malware Analysis Events List and Files List
        •   Scan For Malware Dialog
        •   Select a Malware Analysis Service Dialog
    •   NetWitness Endpoint Investigation
      •   Introduction to Endpoint Investigation
      •   Workflow of an Investigation
      •   Investigate Files
      •   Investigate Hosts
      •   Investigate Process
      •   Change File Status and Remediate
      •   Analyze Downloaded Files
      •   Perform Forensic Investigation
      •   Analyze Events
      •   Network Isolation
      •   NetWitness Endpoint with Third-Party Antivirus Products
      •   Troubleshooting NetWitness Endpoint
      •   NetWitness Endpoint Reference Materials
        •   Files View
        •   Hosts View
        •   Hosts View - Details Tab
        •   Hosts View - Process Tab
        •   Hosts View - Autoruns Tab
        •   Hosts View - Files Tab
        •   Hosts View - Drivers Tab
        •   Hosts View - Libraries Tab
        •   Hosts View - Anomalies Tab
        •   Hosts View - Downloads Tab
        •   Hosts View - System Information
        •   Hosts View - Agent History Tab
        •   Hosts View - YARA Rules Tab
    •   User and Entity Based Analytics
      •   Introduction
      •   UEBA use Cases for Windows Logs
      •   How to Investigate High-Risk Entities
        •   Identify High-Risk Entities
        •   Begin an Investigation of High-Risk Entities
        •   Take Action on High-Risk Entities
        •   Manage High-Risk Entities
      •   Investigate Top Alerts
        •   Filter Alerts
        •   Investigate Indicators
        •   Manage Top Alerts
      •   Modeled Behaviors for Users
      •   View NetWitness UEBA Metrics in Health and Wellness
      •   Monitor Health and Wellness of UEBA
      •   Reference
        •   Overview View Tab
        •   Users Tab
        •   Alerts Tab
        •   User Profile View
      •   Appendix: UEBA Windows Audit Policy
    •   Respond to Incidents
      •   NetWitness Respond Process
      •   Responding to Incidents
      •   Determine which Incidents Require Action
      •   Investigate the Incident
      •   Escalate or Remediate the Incident
      •   Incident Response Use Case Examples
      •   Reviewing Alerts
      •   Review Endpoint Alerts using Process Tree
      •   NetWitness Respond Reference Information
        •   Incidents List View
        •   Incident Details View
        •   Alerts List View
        •   Alert Details View
        •   Tasks List View
        •   Add/Remove From List Dialog
        •   Context Lookup Panel - Respond View
    •   Generate Reports
      •   Reporting Overview
      •   Configure and Generate a Report
      •   Configure a Rule
      •   Create and Schedule a Report
      •   View a Report
      •   Investigate a Report
      •   Manage a List or Rule or Report
      •   Working with Charts
        •   Chart Overview
        •   Configure a Chart
        •   Schedule a Chart
        •   View a Chart
        •   Test a Chart
        •   Investigate a Chart
        •   Manage Chart Groups and Charts
      •   Working with Alerts
        •   Alert Overview
        •   Configure Reporting Engine
        •   Configure an Alert
        •   Schedule an Alert
        •   View an Alert
        •   Investigate an Alert
        •   Manage Alerts and Alert Templates
      •   Appendix
        •   Rule Syntax
        •   Warehouse DB Simple Rules
        •   Warehouse DB Advanced Rules
        •   Task Scheduler for Warehouse Reporting
        •   Query Aggregates
        •   Troubleshoot Reporting
      •   Reporting References
        •   Build Chart View
        •   Build List View
        •   Build Report View
        •   Build Rule View
        •   Chart Permissions Dialog
        •   Chart View
        •   Execution History Panel
        •   Generate List Dialog
        •   Import Chart Dialog
        •   Import Report Dialog
        •   Investigate a Chart View
        •   List Permissions Dialog
        •   List View
        •   Reports Permissions Dialog
        •   Report View
        •   Rule Permissions Dialog
        •   Rule View
        •   Select a Logo Dialog
        •   Schedule a Chart View
        •   Schedule Report Panel
        •   Scheduled Reports View
        •   Test a Chart View
        •   View a Chart Panel
        •   View All Charts Panel
        •   View a Report Panel
        •   View All Reports Panel
      •   Alerting References
        •   Alert List View
        •   Alert Permissions Dialog
        •   Alert Schedules View
        •   Create or Modify Alert Panel
        •   Investigate an Alert View
        •   Import Alert Dialog
        •   Template References
          •   Alert Template View
          •   Create or Modify Template View
        •   View Alerts Schedule View
        •   View Alerts View
  •   Develop and Integrate
    •   RSA Archer Integration
      •   RSA Archer Integration
      •   Configure NetWitness Suite to Work With Archer
      •   Manage Unified Collector Framework
      •   Troubleshoot RSA Archer Integration
    •   RSA Endpoint Integration
      •   RSA Endpoint Integration
      •   Configure Endpoint Alerts via Message Bus
      •   Configure Contextual Data from Endpoint via Recurring Feed
      •   Configure Endpoint Alerts via Syslog into a Log Decoder
    •   RESTful API Guide
      •   Intro
      •   Usage
      •   Enable
      •   Packets
      •   Parser/Feed Upload
      •   Statistics Graph
      •   SDK Commands
    •   NetWitness Core Services API Guide
    •   NetWitness API Guide
    •   NetWitness Shell User Guide
      •   shell
      •   tree
    •   NetWitness NwConsole Guide
      •   Access NwConsole and Help
      •   Basic Command Line Parameters and Editing
      •   Connecting to a Service
      •   Monitoring Stats
      •   Useful Commands
      •   SDK Content Command
      •   SDK Content Command Examples
      •   Commands Used for Troubleshooting
  •   Getting Help with NetWitness

Release Notes for 11.7.2

This section of the documentation consists of the following topics:

  • What's New
  • Fixed Issues
  • Product Documentation
  • Getting Help with NetWitness Platform
  • Build Numbers
 
© 2022 RSA Security LLC or its affiliates. All rights reserved.