I guess the question is why would you want to? SA is a market-leading
security platform, why would you want to degrade performance with an
open source IDS that can be thrown onto any old Linux box (or VM) - I
have heard good things about "smoothsec" ...

F11 should work - see the following link detailing the process:
http://docs.netwitness.com/2-RSA_SA10.2_User_Guide/10_Admin_Tasks/70_Install_Configure_SAW/10_Install_and_Configure_Warehouse_on_a_Physical_Appliance/10_Re-image_Appliance_Using_Security...