Greetings! NW Platform XDR Current Version
12.3.0.0-230630083209.5.b2aa0d7 Current Build 230630083209 I'm
attempting to pull in blacklists from external sources to keep our
alerts fresh and up to date. I'm having issues with utilizing the lists
once ...
Looking to see if anyone knows if there is an advantage to the new Cisco
Umbrella connector vs the legacy collector for umbrella? We have quite a
few customers deployed with umbrella, so this will take a bit to
overhaul and move these customers from ...
Does the Netwitness Endpoint Agent stop any processes from processing if
you haven't manually blocked the file? Seeing this in the logs of one of
our files: Could not copy "obj\Debug\xxxxxxxxxxxxxxxxx.exe" to
"bin\Debug\xxxxxxxxxxxxxxxxxx.exe". Excee...
Does anyone have experience with best practices around either building
APP Rules as a "Whitelist" or assigning a List to an APP Rule for
whitelisting purposes. We get an abundance of alerts for Powershell for
example, well many of these param.src / p...
I am getting this error, sure it is probably a simple fix so I am
posting it to the blog.....Anyone have any steps... We are using the
11.5 OVA, we are running 11.6.1.1 currently.
+---------------------------------------------------+| NetWitness
Boot...
First off, thanks for this great info! It's heading me on the right
direction. the problem is this is a fully manual process that someone
has to do - make the csv, upload the csv, etc..etc.. what I'm trying to
do is to have the data brought in automa...
This is not the problem I am facing. I am able to correctly format and
get the data in - it's writing a query or an alert that uses the data.
Reports are one thing, but I want to use the blacklist data in an alert.
