This post is completely unsupported by RSA Support and indeed RSA, but
it might be interesting if you want to try it. In Netwitness 10.X the
current weakness in the topology is that the SA Server is a single point
of failure and it monitors the other...
Unfortunately its not currently possible to see if the maximum sessions
behind on an ESA easily. This script enables it to be monitored.
Usage:./check_esa_sessions_behind.sh -w VALUE -c VALUE | -hThis plug-in
is used to be alerted when maximum ESA be...
Last Updated: 12:41 February 27th 2017Latest Version: 17 I had a
customer who wishes to extract the raw event time for particular logs.
This is because they use this raw event time for further analysis of
events in a third party system. The raw event...
I have a customer who use something called a "Data Diode" to enforce one
way connectivity through their network.One result of this is that any
syslog that is being sent through the diode gets its device IP changed.
For example any message that was se...
Hello without services I think you are setting up your project for
failure. Here is my prediction:1 you have problems implementing leading
to multiple support calls2 this leads to the project deadlines being
missed3 you get increasingly dissatisfied ...
Hello Thanks for using Netwitness and welcome to the forum.
Unfortunately Netwitness is a complex product and I wouldn't describe it
as a product that you can just purchase off the shelf and install it by
following a series of manuals. I would strong...
Is using winrm as a collection method an alternative?I would have
thought it was easier to set up as it can be controlled via domain
policy and also scripted to be deployed in large environments.
There have been a few changes to the checkpoint parser, which means the
original parser posted here also needs to be updated. Bascially the time
in the log is now in fld85. After updating your CheckPoint parser from
Live please ensure: 1. Change the ...
