NetWitness Community

TwinkleLath
Occasional Contributor
since 2016-02-02
2021-04-10

User Statistics

  • 24 Posts
  • 1 Solutions
  • 7 Likes given
  • 39 Likes received

User Activity


Setting up a Node-X (Decoder/Concentrator/Log Decoder/Archiver) in NW 11.0

by TwinkleLath 2018-01-18 in NetWitness Discussions
Pre-requisite: A Node-0, i.e. Admin Server (aka SA Server in 10.x versions), must be installed first.
Steps:
1) Log in to the new Node-X machine with the default root credentials.
2) Now once you run /opt/rsa/platform/nw-bootstrap/bin/nwsetup-tui. Select the "N...

Important information on user "deploy_admin" in NW 11.0

by TwinkleLath 2018-01-18 in NetWitness Discussions • latest reply by david_waugh 2019-06-14
- The password for the deploy_admin user should be the same across all appliances.
- This user is used to connect to rabbitmq and a few mongo db tables (more or less like the guest user in 10.x versions).
- If you change the deploy_admin user password in the NetWitness Suite Use...

Services on NW 11.x Admin Server

by TwinkleLath 2018-01-18 in NetWitness Community Blog • latest reply by DanielDrew 2019-10-10
Service: Admin Server
Command: service rsa-nw-admin-server restart
Log File Location: /var/log/netwitness/admin-server/admin-server.log
Purpose: The NetWitness Suite Administration Server (Admin server) is the back-end service for administrative tasks in the N...

Re: Memcached Vulnerability

by TwinkleLath 2018-03-16 in NetWitness Discussions
This attack only affects servers that have the Memcached service installed on them. The NetWitness appliances don't use this program and it's not installed, and so NW is not vulnerable to this type of attack.

Re: Parser in Netwitness

by TwinkleLath 2018-03-15 in NetWitness Discussions
Hi Sonam,
An event consists of a header, message id & payload. The logic behind choosing the message ID is to group events together and analyze which value makes each event unique. The Header is used to help identify the Event Source by identifying and d...

Re: Archiver Gang check

by TwinkleLath 2018-03-15 in NetWitness Discussions
Hi Saad,
You need to check such messages.
Mar 12 09:27:09 DRArchiver NwArchiver[33111]: [Aggregation] [info] Device 'xx.xx.xx.xx:50002' consumed session ranges [161380974343-161396973342]
In your case, on arch1, you should see consumed 1-10000 on arch2...

Re: Parser in Netwitness

by TwinkleLath 2018-03-15 in NetWitness Discussions • latest reply by SonamSingla 2018-03-15
Hi Sonam,
Parsers are matched to devices based on internal scoring from header matches. The log gets matched to a header first. You can force match a device with a parser using device mapping. For more details, refer: https://community.rsa.com/docs/DOC-83...

Re: Memcached DDoS Exploit Code

by TwinkleLath 2018-03-15 in NetWitness Discussions
Hi Shahnawaz,
This attack only affects servers that have the Memcached service installed on them. The NetWitness appliances don't use this program and it's not installed, and so NW is not vulnerable to this type of attack.
Regards,
Twinkle
© 2022 RSA Security LLC or its affiliates. All rights reserved.