NetWitness Community

HelmutWahrmann

If it is just a simple query without correlation needed, looking for something on a single event source, then a Reporting Alert would work. The same thing could be done on ESA. I have some customers using the query for the alert not directly in the r...

HelmutWahrmann

Do your events contain the event time in some form?Looking at the parser code, i see that they should normally have a month, day and timestamp.That can then be used to set the event time.

HelmutWahrmann

For the Node Zero (Admin Server) you should plan like 40GB Ram, ESA about 8 - 12 and then for a Packet Hybrid or Endpoint Log Hybrid you could allocate 8 GB RAM each.

HelmutWahrmann

content of all former webinars can be found here: https://www.netwitness.com/resources/webinars/

HelmutWahrmann

try it with msiexec and specify the /i or /fvam flags

NetWitness Community

User Statistics

User Activity

Re: Real world use case for alerts generated from report engine

Re: Parse event time in netwitness aix parser

Re: Building a test lab

Re: Easy Peasy Python webinar - blog post?

Re: Upgrading NWE Endpoint Agents using MSI files. no SCCM