This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
OmarGarciaGilio
OmarGarciaGilio Beginner
Beginner
since ‎2016-05-09
‎2021-02-19

User Statistics

  • 26 Posts
  • 0 Solutions
  • 5 Likes given
  • 0 Likes received
Announcement Banner

Users are unable to open Netwitness Support Cases via email. Please open support cases via portal or by phone

View Details
  • NetWitness Community
  • About OmarGarciaGilio

User Activity

  • Posts
  • Replies

Where is "impervawaf.txt"?

by OmarGarciaGilio 2020-05-24 general.in NetWitness Discussions • latest reply by AlejandroNegron 2020-05-25
2020-05-24
Hi,I'm working on integration an "Imperva SecureSphere", as the doc DOC-40191 says, I need the "impervawaf.txt" file, but I don't find this additional download. Hope you can help me.

Retention Rules & Purge logs from Archiver

by OmarGarciaGilio 2019-10-04 general.in NetWitness Discussions • latest reply by sravan.koneti 2019-11-12
2019-10-04
Hello, I need to filter logs to be storage on Archiver. I need to disscard any log from device ip 1.1.1.1 and any log from device type 'winevent_nic' and from the device type 'winevent_snare' just need to keep any log that start with 'security' word ...

Oracle 12c ODBC

by OmarGarciaGilio 2018-10-27 general.in NetWitness Discussions • latest reply by ArnabChakravert 2018-10-30
2018-10-27
Hi, As I have issue with LogCollector service, I had to create another method to send log from database to LogDecoder by syslog, I test it on oracle 11c an works fine but I have trouble with 12c version. I run the same query that use the xml file "or...

Reset stats of "Event Source Monitoring"

by OmarGarciaGilio 2018-06-21 general.in NetWitness Discussions • latest reply by SravanKoneti1 2018-06-27
2018-06-21
How can I Reset stats of "Event Source Monitoring" on "Health & Wellness" module?As I have many source datas that doesn't send logs anymore, I want to clean them.

Basic reports for SO Linux, Unix, Windows, Solaris ...

by OmarGarciaGilio 2018-05-25 general.in NetWitness Discussions
2018-05-25
HelloI need to make some basic report rules for many SO (mostly linux and WIndows), so I was thinking to use 'event.cat.name' meta, because I guess this meta exist for all SOs logs. So I was wondering: Is there a list of all possible values of this m...
View more

Re: The Limits of Feeds !!

by OmarGarciaGilio 2018-05-24 general.in NetWitness Discussions
2018-05-24
Hi John Basically I need to enrich Client data (full name and ID), the goal is make a rule that show all the registers where client ID (get from feed, I thought) is equal to user ID (this meta already exist). But as there are more than 14 millions of...

Re: Change query.level.1 value

by OmarGarciaGilio 2018-04-25 general.in NetWitness Discussions • latest reply by JohnKisner 2018-04-25
2018-04-25
Hi, The query that I try to run is: We want to know the last login of user in the last 3 or 6 months. Have to work with event.time instead time meta because sometimes the collecting time has delay of days.

Re: The Limits of Feeds !!

by OmarGarciaGilio 2018-04-19 general.in NetWitness Discussions
2018-04-19
Hi Brian, Thanks for the answer, I already tried to compile the feed with using "NwConsole" but got an error and the feed file never be generate. Instead I tried to split my file in lower pieces and then generate my feed with one of them. Finally I n...

Re: Rule to Create a Report with Alert Out of Business Hours

by OmarGarciaGilio 2018-03-05 general.in NetWitness Discussions
2018-03-05
Hi Renato, I had the same problem with a report. The main trouble is handle with "event.time" meta and report engine syntax. Well, this is how I did: 1st: work on the xml parser and use "event.time.str" to save (as string) the value of "event.time" (...

Re: The Limits of Feeds !!

by OmarGarciaGilio 2018-02-09 general.in NetWitness Discussions • latest reply by BrianKeenan 2018-05-29
2018-02-09
Thanks for the info. So far I got this xml "DataCliAmdocs.xml": And this file "DataCliAmdocs.csv" (Just a sample, the real have over 14M): #amdocs|CUSTOMER_KEY|ID|FULL_NAME|VARamdocs|99999742|N/A|PICA PIEDRA,PEDRO PANCHO|R:Resistor--...
View more
Likes given to
User Count
AlejandroNegron
AlejandroNegron Beginner
1
JohnKisner
Trusted Contributor JohnKisner Trusted Contributor
1
SravanKoneti1
SravanKoneti1 Beginner
1
JohnSnider
Trusted Contributor JohnSnider Trusted Contributor
1
BobDredger
Frequent Contributor BobDredger Frequent Contributor
1
View all
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.