NetWitness Community

DaveGlover
Trusted Contributor
since 2016-03-10

User Statistics

  • 188 Posts
  • 11 Solutions
  • 2 Likes given
  • 120 Likes received

User Activity

  • Posts
  • Replies

Pi-hole log support in NetWitness

by DaveGlover 2020-11-05 in NetWitness Discussions
Many of you may be using a Pi-hole in your home labs, or even at the office. The issue is the logs are stored in a local text file and NetWitness does not support the logs. As many know DNS records are very useful in threat hunting, so I wanted to br...

Issues with setting up SFTP agent collection

by DaveGlover 2020-09-17 in NetWitness Discussions
Lately I have been using the sftpagent quite a bit for moving log files to NetWitness. I have been running into the same issue on installs recently. The issue happens on the first sftpagent agent connection to a log collector. After installing the ag...

Troubleshooting UEBA Event Collection

by DaveGlover 2020-06-22 in NetWitness Discussions
After setting up UEBA, you need to make sure you are collecting the following Event IDs from Hosts as well as Network Events. Active Directory Model -> device.class = 'windows hosts' && reference.id = '4741','4742','4733','4734','4740','4794','5376','5...

Log Parser tool on Linux

by DaveGlover 2020-02-06 in NetWitness Discussions • latest reply by JoshRandall 2020-03-05
Currently the Log Parser Tool is built for Windows and Mac. Using Wine 4.x you can install and run the Log Parser tool on Linux (Mint and Ubuntu). To install and run the LPT on Linux you need to follow the following instructions: Install Wine 4.x Down...

Exporting and Re-Injecting Logs and Maintain Original Date/Time

by DaveGlover 2018-09-12 in NetWitness Discussions • latest reply by AkramHamed 2019-01-31
There are times when you would like to export data from a log decoder and then re-inject it into a new log decoder. Typically you would do this through the investigator interface, save the file and then upload this file into the new log decoder. The ...

Re: RSA Netwitness

by DaveGlover 2021-10-27 in NetWitness Discussions
Greetings and welcome to RSA Link

Re: ESA Rule - Grouping Alerts

by DaveGlover 2021-10-27 in NetWitness Discussions • latest reply by MaximMarchenko 2021-11-11
I think your issue is the time_batch. I would use time_length_batch. Also keep in mind that by adding the logon_type=3 you are limiting this statement to only logins via the network and you are excluding interactive logins. Hope this helps. I recreate...

Re: EPL: Advanced Query - Using a ContextHub Whitelist from within a created 'context'

by DaveGlover 2021-10-27 in NetWitness Discussions • latest reply by danielfortes a month ago
Have you gotten an answer for this yet? I don't have the answer, but I can research a solution for you.

Re: Identifying Disk Performance Bottlenecks

by DaveGlover 2021-10-27 in NetWitness Discussions • latest reply by JeremyKerwin 2021-10-29
Jeremy, are you using the new health and wellness dashboards? These are exceptional at viewing all the statistics around any service. It also provides historical data as well as trending. This should make it easier to see what the concentrator is doi...

Re: Alerting Meta Value - APP Rule - Seems to get pretty large

by DaveGlover 2021-10-27 in NetWitness Discussions
For whitelisting in ESA you could also create an enrichment feed and list your whitelisted elements in there vs an app rule. I would need to see an example of what you are trying to do, to better assist. You can reach out to me directly at my first....