This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
      • Netwitness XDR
      • EC-Council Training
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
    • Role-Based Training
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
MaximilianoCitt
MaximilianoCitt Frequent Contributor
Frequent Contributor
since ‎2015-11-19
a month ago

User Statistics

  • 91 Posts
  • 4 Solutions
  • 81 Likes given
  • 49 Likes received
Frequent Flyer
Articulate
Making Yourself at Home
Welcome Back!
View all badges
  • NetWitness Community
  • About MaximilianoCitt

User Activity

  • Posts
  • Replies

Consume a CSV via File Method with CRLF within values

by MaximilianoCitt 2021-11-09 general.in NetWitness Discussions
2021-11-09
Hi community, We are currently working with a customer who needs to integrate into Netwitness the results of some reports generated by a database auditing tool. These reports are files in CSV format. Within these reports, we have different columns an...

Help with ESA rule

by MaximilianoCitt 2021-07-14 general.in NetWitness Discussions • latest reply by EduCarbonell 2021-07-22
2021-07-14
Dear Community, I'm trying to write an ESA rule to trigger when the customer gets 10 error 500 and 10 error 400 for a Web Service in 5 minutes.the thing here is, the customer wants the rule to trigger the alert regardless of how the events arrives, f...

About SNMP transform files

by MaximilianoCitt 2021-01-27 general.in NetWitness Discussions
2021-01-27
Hi community! I have done some research in the log collector, and I have found some config files under /etc/netwitness/ng/logcollection/content/transform/snmptrap regarding how the log collector transforms the intcomming snmp traps based basically on...

How to check in-memory tables in ESA?

by MaximilianoCitt 2020-08-28 general.in NetWitness Discussions • latest reply by MaximilianoCitt 2020-09-01
2020-08-28
I've a customer who has deployed the "user login baseline" rule into the ESA. What we need to know is the statistics taken by ESA for each user.In 10.x we had esa-client, now I don't know if we have that tool to check cep memory tables. Any suggestio...

Zulu Time (UTC) Parsing with NLPT

by MaximilianoCitt 2020-08-24 general.in NetWitness Discussions
2020-08-24
Hi Community, I'm currently working on a custom parser for a customer and I realize the time date of the event is provied in Zulu format. I need to know how to properly parse it, because there is nothing documented on the NLPT User Guide about that k...
View more

Re: Function description for the nwll.lua library?

by MaximilianoCitt 2021-09-02 general.in NetWitness Discussions • latest reply by NielsVanEijck 2021-09-06
2021-09-02
Hi Niels, you could take a look at this article https://community.rsa.com/t5/netwitness-blog/parsers-book-zip/ba-p/524569 I don't really know if the nwll.lua file in there is the same version as is currently deployed in NW 11.x but, you can take a lo...

Re: Help with ESA rule

by MaximilianoCitt 2021-07-22 general.in NetWitness Discussions
2021-07-22
Hi EduCarbonell! Thank you so much for helping with this rule. The sintax of your rule seem to work if I don't care about the amount of 4xx or 5xx errors. For example, your rule seems to match if there are 20 errors 4xx, 10 4xx and 10 5xx or 20 5xx. ...

Re: How to check in-memory tables in ESA?

by MaximilianoCitt 2020-09-01 general.in NetWitness Discussions
2020-09-01
Thank you for your reply Karim!in other hand, is there any kind of query to list all the named windows running in memory? Regards,Max

Re: How to check in-memory tables in ESA?

by MaximilianoCitt 2020-08-28 general.in NetWitness Discussions
2020-08-28
Just in case anyone else need it:https://community.rsa.com/docs/DOC-110252#ViewNamedWindow

Re: WinRM - Incomplete events with System Channel on ID 7036

by MaximilianoCitt 2020-08-04 general.in NetWitness Discussions
2020-08-04
Aaron, I have checked that with my customer and already has that check enable...One thing to keep in mind: this is the only type of events that seems to be incomplete.
View more
Likes from
User Count
NielsVanEijck
NielsVanEijck Contributor
1
LouisAndreGagn1
LouisAndreGagn1 Beginner
1
MohammedMustafa
Frequent Contributor MohammedMustafa Frequent Contributor
1
YashRajora
YashRajora Beginner
1
drewjc
drewjc Occasional Contributor
1
View all
Likes given to
User Count
Anonymous
1
WilliamMotley1
Frequent Contributor WilliamMotley1 Frequent Contributor
1
MichaelGallegos
Frequent Contributor MichaelGallegos Frequent Contributor
3
DaveGlover
Trusted Contributor DaveGlover Trusted Contributor
3
david_waugh
david_waugh Beginner
2
View all
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.