NetWitness Community

ChristopherAhea
Beginner
since 2012-12-12
2022-01-14

User Statistics

  • 177 Posts
  • 11 Solutions
  • 13 Likes given
  • 198 Likes received

User Activity

  • Posts
  • Replies

What's on your wire: ScreenConnect/ConnectWise

by ChristopherAhea, 2019-04-25, in NetWitness Community Blog
With the recent news about ScreenConnect used in data breaches, I had the opportunity to examine some of the network traffic. This was traffic that was originally in OTHER, but as you know, that just means it's an opportunity to learn about some new ...

What's on your wire: The curious case of ICMP Tunneling

by ChristopherAhea, 2019-02-26, in NetWitness Community Blog
I've come across ICMP tunneling only a handful of times, but this was the first time I had seen it used as part of a VPN client. The VPN client was SoftEther VPN and, in addition to SSL VPN, it can also perform ICMP and DNS tunneling. During a recent...

What's on your wire: Zero-Width Spaces and their hidden danger

by ChristopherAhea, 2019-01-28, in NetWitness Community Blog
There are many reasons I enjoy working with the RSA NetWitness Platform, but it’s when our customers turn their attention to threat hunting that really makes things exciting. In one case, there was a need where they could take new threat intelligence...

What's on your wire: Splunk forwarder traffic

by ChristopherAhea, 2019-01-21, in NetWitness Community Blog
Oftentimes, RSA NetWitness Packet decoders are configured to monitor not only ingress and egress traffic, but also receive internal LAN traffic as well. On a recent engagement, we identified a significant amount of traffic going to TCP port 9997. It...

What's on your wire: Doing more with GEOIP

by ChristopherAhea, 2018-10-29, in NetWitness Community Blog
I was recently working with Eric Partington who asked if we could get the Autonomous System Numbers from a recent update to GEOIP. I believe at one point this was a feed, but had been deprecated. After a little bit of research, I learned that an upda...

Re: Implement Frequency Score meta to Domain names

by ChristopherAhea, 2019-01-04, in NetWitness Discussions
I was also thinking of that DNS Tunneling article as well. I think a feed and a report could work, though it might be slightly behind depending on the feed update interval.

Re: Packet Decoder Key Stats missing

by ChristopherAhea, 2019-01-02, in NetWitness Discussions • latest reply by JeremyKerwin, 2019-01-02
Is this a new or recently rebuilt/refreshed packet decoder? I saw something similar recently where some stats were not displayed initially as there was only one nwpdb file. Since there was only one file, there was nothing else to compare against. No...

Re: Lua Parser against raw meta-key

by ChristopherAhea, 2018-12-17, in NetWitness Discussions • latest reply by ShrinidhiShastr, 2018-12-17
Just to be clear, it is possible to use Lua in this instance, however, it would be best to use the options referenced above. If we were just to operate on meta, then we could certainly do meta callbacks and perform the operations we need (typically s...

Re: Indexing Log Source Event Time and Lua Parser Callbacks?

by ChristopherAhea, 2018-11-07, in NetWitness Discussions
Let's take this offline and email me directly. Once we work through this, we can post the solution. christopher.ahearn@rsa.com Chris Sent from my mobile device

Re: Indexing Log Source Event Time and Lua Parser Callbacks?

by ChristopherAhea, 2018-11-06, in NetWitness Discussions
I think you just need to change some of the variable names in your function. Furthermore, I don't think you need the tokens or functions for sessionBegin or sessionEnd. The one that we really need is copymeta.myMeta. The function variables then just ...
Likes from (user: count)

  • Anonymous: 25
  • KennethEvans (Employee): 4
  • DanielDrew (Employee): 2
  • DavidGassman2 (Occasional Contributor): 4
  • MarcoMeli (Occasional Contributor): 1

Likes given to (user: count)

  • MaxFauda (Occasional Contributor): 1
  • LeeKirkpatrick (Valued Contributor): 2
  • GuyBruneau (Frequent Contributor): 1
  • ChrisThomas (Frequent Contributor): 3
  • JustinGrosfelt (Beginner): 1
© 2022 RSA Security LLC or its affiliates. All rights reserved.