Hi Jay, you can leverage Decoder App Rules to identify the traffic and,
within the rule editor, choose the 'truncate' option which will dump the
payload and keep the session meta.

The DACs don't have a management console. Aside from the nwraidutil
script mentioned above, you can leverage the UI Health & Wellness module
to get the same metrics. From H&W click on 'Monitoring' and select the
host that you are interested in (this ...

I'd find it useful to see both options exist in a single pane. It's
clumsy to have to go to Live Feeds for one part and then go dig and find
the RE List to put the same data into, and scripting this option is not
customer friendly. I think the theme ...

Sample use case: Analyst obtains a fresh set of malicious C2 domains and
needs to "put them into NetWitness". They should have the ability to
paste in the domains in a list somewhere and have options to: 1) add to
a new/existing Recurring Feed (so th...

Sounds like a good RFE if not already on the docket. Many other use
cases can be implemented by exposing the RE List from an automated
standpoint (similar to how Recurring Feeds work today).