NetWitness Community

CraigBird2 · 2014-06-26

I guess the question is why would you want to? SA is a market leading security platform, why would you want to degrade performance with an open source IDS that can be thrown onto any old linux box (or VM) - I have heard good things about "smoothsec" ...

CraigBird2 · 2014-03-03

Sorry just noticed you said hour (not minute), change the time window dropdown to hour. screenshot of the investigation window below:Craig

CraigBird2 · 2014-03-03

CraigBird2 · 2014-02-20

F11 should work - see the following link detailing the process: http://docs.netwitness.com/2-RSA_SA10.2_User_Guide/10_Admin_Tasks/70_Install_Configure_SAW/10_Install_and_Configure_Warehouse_on_a_Physical_Appliance/10_Re-image_Appliance_Using_Security...

CraigBird2 · 2013-12-09

This is a challenge, but as we have GeoIP information this makes things easier, I would use a logic such as: org.dst != microsoft Craig

NetWitness Community

User Statistics

User Activity

Re: SNORT

Re: A user with more than 5 logon failures within an hour

Re: A user with more than 5 logon failures within an hour

Re: re-image RSA SA4Logs

Re: Creating new Meta