Has anyone been able to get the context menu actions to call a script or
a POST url? What I'm trying to do is the ability to right click a URL
and POST a URL to an external Sandbox API. I've got the POST url
required, etc but need to figure out how t...

Hey, I'm looking to see if anyone has seen or developed any scripts from
Netwitness to block IPs on Fortinet firewalls, etc. I am hoping to find
some basics of what's needed and how to get started to start automating
some of our incident response ac...

Hello, There are a bunch of lists of IP addresses and Domains from
various public and private lists we currently pull into Netwitness Logs
and Packets for alerts and looking for threats. I was hoping to be able
to pull some of these same lists into N...

Hello, I'm trying to figure out how to write a more complex rule that
does the following:
- Create Incident if system has an IOC group by IP address during a 24 hour time period.
- If an alert exists from the same IP address for a Malware alert add t...

Hello, Recently I've noticed that the threat source has disappeared
'rsa-firstwatch' and are left with only a threat desc of
http://firstwat.ch/amgxxb or whatever it may be. In an attempt to filter
through the noise, I tried to flag only on IOCs tha...

Live is the subscription in RSA Logs and Packets/Endpoint for threat
intelligence that comes from RSA that you can subscribe to and deploy.
You can subscribe and deploy these feeds by going to Live->Search and
putting in Rig in the search box. This...

Hi Biju, while I don't have Archer at the moment to get this data and
looking at methods of doing it without Archer, I think this would be a
great feature. Then when configuring ESA alerting or even incident
creation within NW, the Criticality is bro...

Thanks Jeremy. I've got it working properly in Logs and Packets but
can't seem to find a place to configure or set this up in Netwitness
Endpoint. I have a feed with values in a .CSV file the Logs and Packets
takes in and the .xml file that maps the ...