This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
VishamRawat
VishamRawat Beginner
Beginner
since ‎2018-07-24
‎2021-04-14

User Statistics

  • 88 Posts
  • 2 Solutions
  • 37 Likes given
  • 3 Likes received
Announcement Banner

Users are unable to open Netwitness Support Cases via email. Please open support cases via portal or by phone

View Details
  • NetWitness Community
  • About VishamRawat

User Activity

  • Posts
  • Replies

Retaining Archiver post Decommissioning

by VishamRawat 2020-03-24 general.in NetWitness Discussions
2020-03-24
Quick question – if I need to decommission the entire RSA NetWitness platform / servers, but still need access to Archiver logs for a certain duration, what all components will I have to keep alive? As per my knowledge, the following will have to be ...

Raw logs and Meta from Archiver to Splunk

by VishamRawat 2020-03-17 general.in NetWitness Discussions • latest reply by DaveGlover 2021-02-09
2020-03-17
We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform. Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk. I’ve gone through the document. I find procedures to piv...

Unable to deploy ESA rule

by VishamRawat 2020-01-30 general.in NetWitness Discussions • latest reply by VishamRawat 2020-01-31
2020-01-30
I get the following error while deploying the rule. I've check the syntax and it says rule is valid. ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing metadata, invalid rule syntax, and unavaila...

Difference between bytes, rbytes and bytes.src metakey

by VishamRawat 2020-01-30 general.in NetWitness Discussions • latest reply by WilliamMotley1 2020-01-30
2020-01-30
I see bytes.src metakey is said to capture Bytes Sent.rbytes metakey is said to capture Bytes Received, and yet it is always empty.I do also see bytes metakey, the value of which is always greater than bytes.src, but this key is not indexed. What exa...

RSA SA 10.6.6 Backup - Error backing /etc directory

by VishamRawat 2019-09-11 general.in NetWitness Discussions • latest reply by JohnSnider 2019-09-16
2019-09-11
Upgrade from RSA SA 10.6.6 to NetWitness 11.3. I've run the backup script, and am getting the following error for 4 of my 18 machines, others are fine. 2019-09-10 18:32:47 +0100 | 29554 | Backing up ETC(/etc) files from: VLC2019-09-10 18:32:55 +0100 ...
View more

Re: Raw logs and Meta from Archiver to Splunk

by VishamRawat 2020-03-20 general.in NetWitness Discussions • latest reply by Nauman 2021-02-09
2020-03-20
Hi Aaron, Do I need to enable access to port 50108 on the Archiver, in some configuration setting on the UI/appliance? Because right now, all I'm able to access is port 50106, and not 50108.

Re: Raw logs and Meta from Archiver to Splunk

by VishamRawat 2020-03-18 general.in NetWitness Discussions • latest reply by AaronMartin2 2021-02-09
2020-03-18
Hi Aaron, For some reason, I've been able to access the REST API UI of the Archiver, and I just can't find the /sdk node. It doesn't exist. I can see a list of other nodes like /logs, /appliance, /services, etc. but not /sdk. I believe the raw logs a...

Re: Raw logs and Meta from Archiver to Splunk

by VishamRawat 2020-03-17 general.in NetWitness Discussions • latest reply by AaronMartin2 2021-02-09
2020-03-17
Hi Dave, Thanks for the response. I accessed the REST API for the Archiver via port 50106. I do see a Logs folder there, but it contains only System logs [authentication]. Where do I find the device logs?

Re: Unable to deploy ESA rule

by VishamRawat 2020-01-31 general.in NetWitness Discussions
2020-01-31
Fixed. Error - The groupwin view must occur in the first position in conjunction with multiple data windows. Simply switched the position of groupwin() with unique(), to ensure the former was defined first in the rule syntax sequence.

Re: Concentrator - Aggregation Settings

by VishamRawat 2019-09-10 general.in NetWitness Discussions
2019-09-10
Thanks Mohammed!
View more
Likes from
User Count
MichaelJacob4
MichaelJacob4 Beginner
1
dougds
dougds New Contributor
1
SravanKoneti1
SravanKoneti1 Beginner
1
View all
Likes given to
User Count
AaronMartin2
Employee AaronMartin2
3
WilliamMotley1
Frequent Contributor WilliamMotley1 Frequent Contributor
1
MohammedMustafa
Frequent Contributor MohammedMustafa Frequent Contributor
3
AlessioAlfonsi
Contributor AlessioAlfonsi Contributor
1
SeanGriesheimer
Employee SeanGriesheimer
2
View all
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.