NetWitness Community

BaptOnfroy · 2023-05-17

Hello, I have a threat intelligence platform based on OpenCTI. I would like to synchronise my indicators with my Netwitness platform but Netwitness does not support TAXII V2. Do you have any solutions? Thanks,

BaptOnfroy · 2022-07-29

Hello community, We have been working for 1 year with the SIEM part of netwitness. Now we have integrated the EDR part. I am facing a problem, how do you create your EDR use cases? After some internet research I can't find anything very relevant. I g...

BaptOnfroy · 2022-05-16

Hello team, I would like to collect the logs of the Box. Has someone already done it here? Thank you !

BaptOnfroy · 2023-05-17

I opened a support case on this topic and received the following information I have checked internally and I can confirm that we have plans to support STIX/TAXII 2 in our future release. So far which version is not yet decided. We have created an RFE...

BaptOnfroy · 2023-05-17

It's terrible that a solution like Netwitness does not support TAXII V2 ... I think I'll have to use the same methodology as you

BaptOnfroy · 2023-05-17

Hi Jeremy, You have to edit App Rules in your decoder to make whitelist on false positivesRegards,

BaptOnfroy · 2023-05-17

Hi Rob, You have to edit App Rules in your decoder. For example, you can add filename.src != ’BitDefender.exe’ Regards,

BaptOnfroy · 2022-07-29

Thank you for your answer, the process does not seem easy but your answer is very complete.

NetWitness Community

User Statistics

User Activity

Synchronise OpenCTI with Netwitness

How to create EDR use cases ?

Collecte Box events

Re: Synchronise OpenCTI with Netwitness

Re: Synchronise OpenCTI with Netwitness

Re: What's the proper procedure of filtering false positives from ioc, boc, eoc

Re: Whitelist a specific file in EDR module

Re: Collecte Box events