NetWitness Community

Quick question – if I need to decommission the entire RSA NetWitness platform / servers, but still need access to Archiver logs for a certain duration, what all components will I have to keep alive? As per my knowledge, the following will have to be ...

We've got a requirement to move all our raw logs and meta stored on the Archiver to the Splunk platform. Now, I see there's a document on the Community that speaks of RSA NetWitness and Splunk. I’ve gone through the document. I find procedures to piv...

I get the following error while deploying the rule. I've check the syntax and it says rule is valid. ESA was unable to deploy one or more rules, and these rules were disabled. Common issues include: missing metadata, invalid rule syntax, and unavaila...

I see bytes.src metakey is said to capture Bytes Sent.rbytes metakey is said to capture Bytes Received, and yet it is always empty.I do also see bytes metakey, the value of which is always greater than bytes.src, but this key is not indexed. What exa...

Upgrade from RSA SA 10.6.6 to NetWitness 11.3. I've run the backup script, and am getting the following error for 4 of my 18 machines, others are fine. 2019-09-10 18:32:47 +0100 | 29554 | Backing up ETC(/etc) files from: VLC2019-09-10 18:32:55 +0100 ...