This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
MichaelPochan
MichaelPochan Beginner
Beginner
since ‎2016-07-28
‎2021-04-13

User Statistics

  • 48 Posts
  • 0 Solutions
  • 18 Likes given
  • 22 Likes received
Announcement Banner

Users are unable to open Netwitness Support Cases via email. Please open support cases via portal or by phone

View Details
  • NetWitness Community
  • About MichaelPochan

User Activity

  • Posts
  • Replies

RSA-SMS issue

by MichaelPochan 2017-07-31 general.in NetWitness Discussions
2017-07-31
Has anyone encountered something similar to the following? Over the past week, the RSA-SMS service on our broker (10.6.2.0) has been randomly stopping and not starting back up. Checking through the sms.log, these are the only relevant log lines I cou...

ESA error - log location

by MichaelPochan 2017-07-14 general.in NetWitness Discussions • latest reply by david_waugh 2019-07-31
2017-07-14
A few days ago, our ESA service went down. While I was able to restart the process, I'm attempting to determine what happened to it. I've gone through the log files in the following locations and did not find any OOM or other errors that would indica...

Recurring Feed Issue

by MichaelPochan 2017-06-21 general.in NetWitness Discussions • latest reply by EricPartington 2017-08-29
2017-06-21
Has anyone encountered this particular issue? We're retrieving .csv files of indicators for our packet decoders and storing them in our broker in /var/netwitness/srv/www/feeds/. Prior to upgrading to 10.6.2.0, this process worked fine. From there, we...

Application and Correlation Rule Backup Snapshots

by MichaelPochan 2017-06-20 general.in NetWitness Discussions • latest reply by EricPartington 2017-06-22
2017-06-20
Is there a way to configure the frequency of historical snapshots for correlation and application rules. Our application rules on our packet decoders create snapshot seemingly whenever a change is made to the existing ruleset, but most of our concent...

decrypted ssl traffic parsing

by MichaelPochan 2017-06-02 general.in NetWitness Discussions • latest reply by EricPartington 2017-06-02
2017-06-02
We began ingesting decrypted https traffic into our Netwitness packet decoders (10.6.2). The request and response headers and showing up fine and the service is being tagged as 80. However, none of the headers are being parsed by the http_lua parser ...
View more

Re: Netflow versus Full Packet Capture

by MichaelPochan 2017-08-08 general.in NetWitness Discussions
2017-08-08
Data retention for a dedicated Netflow system is greater than the Netwitness retention for meta (at least in our environment). Also, certain flow exports like NSEL from things like ASAs provide additional information like user IDs and NAT stitching. ...

Re: Netflow versus Full Packet Capture

by MichaelPochan 2017-07-31 general.in NetWitness Discussions
2017-07-31
From a place that uses both, the only value I've found from having netflow in addition to FPC is the historical retention. In Netwitness, we only have packets going back 2 days and meta (which covers all standard netflow fields) going back 30 days. I...

Re: ESA error - log location

by MichaelPochan 2017-07-17 general.in NetWitness Discussions
2017-07-17
Thanks! That appears to be the right log file, although root cause still unknown. WARN | wrapper | 2017/07/13 00:41:04 | JVM process was still running after receiving a SIGCHLD signal.STATUS | wrapper | 2017/07/13 00:41:03 | Launching a JVM...ERROR |...

Re: Malspam delivers Emotet 6-26-2017

by MichaelPochan 2017-06-28 general.in NetWitness Community Blog
2017-06-28
Is Whatsthisfile.net going to be a service that all RSA customers can use (seems open to anyone now during the pre-release stage). Also, are there any API docs or integrations with Netwitness packets planned for the future? The big one would be to be...

Re: Application and Correlation Rule Backup Snapshots

by MichaelPochan 2017-06-22 general.in NetWitness Discussions
2017-06-22
We make changes to our correlation rules several times a week. Should we expect to see backups on all concentrators or just the one we made the changes to and pushes the rules out from?
View more
Likes from
User Count
Anonymous
2
MichaelDickerso
MichaelDickerso Beginner
1
MaorFranco
Employee MaorFranco
2
someone
someone Contributor
1
KEVINDIENST
KEVINDIENST Beginner
1
View all
Likes given to
User Count
DonRadick
DonRadick Beginner
1
JohnSnider
Trusted Contributor JohnSnider Trusted Contributor
3
ChristopherAhea
ChristopherAhea Beginner
3
EricPartington
Employee EricPartington
4
MarcinGryga
MarcinGryga Beginner
1
View all
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.