Hello, our Netwitness infrastructure is getting quite old and was
installed over 5 years ago. As a result the Puppet CA certificate and all
the agent certificates are due to expire in about 2 months time. When
running puppet agent -t I get the error: I...

Good Morning. I installed 10.6.6.1 on June 12th. Last week I noticed
that an ESA rule had not fired and on investigating I can see that there
was a correlation between the upgrade and a drop in Windows events. The
graph below shows winevent logon for...

Hi, we are moving to a Netwitness 11 Packet only environment with no
logs. Do we still need an ESA? I remember an ESA can support 30K EPS, but
how does that translate to collecting packet meta. For example, do I need
1 ESA per 10Gbps of packet collectio...

Hi we have used the winrmconfig.ps1 script to set up WinRM collection on
our servers and it has worked very well. We are now moving to a central
collection model, with windows events being forwarded to central
collectors, and then being picked up fro...

Hi James, I followed the steps at:
as recommended and this replaced the CA Certificate. I then had to
replace the puppet agent certificate on the same server. I replaced t...

I think something might have changed after the upgrade, but one main
reason for this was that I had "Debug=Verbose" configured on the Windows
Event Collectors. The reason I needed to do this was to extract non
standard windows messages, but we have s...

Hi Rui Ataide "This shows a possible solution to detect this type of
traffic with a simple App rule that could identify traffic HTTP with 2
unique alias.host values and the presence of a certificate." Very
interesting post. Do you have an example of...

Hi my understanding is:
Polling Interval - How often it will attempt to collect events
Polling Duration: - The maximum it can take to collect the
events. I think I am correct that if a polling interval hasn't finished
then it won't start a new one. e.g. If ...