Has anyone encountered something similar to the following? Over the past
week, the RSA-SMS service on our broker (10.6.2.0) has been randomly
stopping and not starting back up. Checking through the sms.log, these
are the only relevant log lines I cou...

A few days ago, our ESA service went down. While I was able to restart
the process, I'm attempting to determine what happened to it. I've gone
through the log files in the following locations and did not find any
OOM or other errors that would indica...

Has anyone encountered this particular issue? We're retrieving .csv
files of indicators for our packet decoders and storing them in our
broker in /var/netwitness/srv/www/feeds/. Prior to upgrading to
10.6.2.0, this process worked fine. From there, we...

Is there a way to configure the frequency of historical snapshots for
correlation and application rules? Our application rules on our packet
decoders create snapshots seemingly whenever a change is made to the
existing ruleset, but most of our concent...

We began ingesting decrypted https traffic into our Netwitness packet
decoders (10.6.2). The request and response headers are showing up fine
and the service is being tagged as 80. However, none of the headers are
being parsed by the http_lua parser ...

Data retention for a dedicated Netflow system is greater than the
Netwitness retention for meta (at least in our environment). Also,
certain flow exports like NSEL from things like ASAs provide additional
information like user IDs and NAT stitching. ...

From a place that uses both, the only value I've found from having
netflow in addition to FPC is the historical retention. In Netwitness,
we only have packets going back 2 days and meta (which covers all
standard netflow fields) going back 30 days. I...

Thanks! That appears to be the right log file, although root cause still
unknown.
WARN | wrapper | 2017/07/13 00:41:04 | JVM process was still running after receiving a SIGCHLD signal.
STATUS | wrapper | 2017/07/13 00:41:03 | Launching a JVM...
ERROR |...

Is Whatsthisfile.net going to be a service that all RSA customers can
use (seems open to anyone now during the pre-release stage)? Also, are
there any API docs or integrations with Netwitness packets planned for
the future? The big one would be to be...