RSA recently updated NetWitness and changed the product name to Security
Analytics. NetWitness used a Windows-based client for investigation of
network sessions. Security Analytics adds the ability to conduct
investigations via a new web interface. M...
This post is primarily for customers of RSA NetWitness (Security
Analytics), although it may be interesting to security practitioners
that conduct security investigations. We describe how to use the
Threat Analytics Chrome Extension
I'm using a very simple query to pull back all hosts from NetWitness for
offline analysis. You can see a small sample of the results below. The
query for alias.host returns all values, which have many redundant
entries. The same query using Investigat...
You could just bookmark the decoders assuming you have the REST API
enabled. Just type the following into any browser that can connect to
decoder/concentrator. I've also included the REST queries for individual
stats that may be useful below. http://n...
Rui - you nailed it! The lack of the "&expiry=0" was the issue. The
values lookup performance versus the query lookup performance is very
different. Since the host.alias is indexed and the lookup was over a
short timeframe, I'm very surprised at the ...
Rui, thanks for the response. Using your method versus a query seems to
time out with a simple request to bring back 100 values. Using a WHERE
clause to restrict the time to an hour window didn't seem to make a
Good idea. You can also just do a ping -a when you get down to the point
of actually needing to pinpoint a specific machine. You should also then
ping the hostname that is returned in case the IP has changed. However,
many times the old IP address wi...
Below is a sample format we use to document use cases for customers. It
would be useful to have a common format for sharing this information. In
regard to Fielder's excellent post, he could still list 90% of the
content for the 25 sample use cases and...