Review Best Practices

Review the following best practices to maintain your NetWitness Platform deployment.

Safeguarding Assets with NetWitness Supplied Policies

The purpose of the NetWitness core policies delivered with NetWitness are for safeguarding your NetWitness domain assets immediately (before you configure rules specific to your environment and your security policy).

NetWitness recommends that you set up email notifications to the appropriate asset owners for these policies as soon as possible. This will notify them when performance and capacity thresholds are crossed so they can take action immediately.

NetWitness also recommends that you evaluate the core policies and disable a policy or change its service and group assignments according to your specific monitoring requirements.

Safeguarding Assets with Policies Based on Your Environment

NetWitness core policies are generic and may not provide sufficient monitoring coverage for your environment. NetWitness recommends that you gather issues over a period of time, that are not identified by the NetWitness core policies, and configure rules to help you prevent these issues.

Creating Rules and Notifications Judiciously

NetWitness recommends that you make sure that each rule and policy is necessary before you implement it, if possible. NetWitness also recommends that you review implemented policies on a regular basis for their validity. Invalid alarms and email notifications can adversely affect the focus of the asset owners.

Troubleshooting Issues

NetWitness recommends that you review Troubleshooting Health & Wellness and Troubleshoot NetWitness Platform when you receive error messages in the user interface and log files from hosts and services.