This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Platform Unified Data Model
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • NetWitness Community
  • Products
  • NetWitness Platform
  • Documentation
  • Threat Intelligence
  • Unified Data Model
  • Options
    • My Contributions
    • Subscribe
    • Bookmark
    • Subscribe to RSS Feed
    • Invite a Friend
    • English
    • French (Français)
    • German (Deutsche)
    • Japanese (日本人)
    • Spanish (Español)
Versions
All Downloads

Product Resources

  •   Advisories
    •   NetWitness Platform
      •   Product Advisories
      •   Security Advisories
      •   Service Notifications
      •   Technical Advisories
    •   NetWitness Orchestrator
      •   Product Advisories
      •   Security Advisories
      •   Service Notifications
      •   Technical Advisories
  •   Blog
  •   Discussions
  •   Documentation
    •   NetWitness Platform
    •   Cloud SIEM
    •   Detect AI
    •   Hardware Setup Guides
    •   Investigator
    •   Orchestrator
    •   Threat Intelligence
  •   Downloads
    •   RSA NetWitness Platform
    •   RSA NetWitness Investigator
    •   RSA NetWitness Endpoint
  •   Events
  •   Ideas
  •   Integrations
  •   Knowledge Base
    •   NetWitness Platform
    •   NetWitness Endpoint 4.x
  •   Training
  •   Videos
Introduction to the RSA NetWitness® Platform Unified Data Model

Introduction to the RSA NetWitness® Platform Unified Data Model

The RSA NetWitness® Platform Unified Data Model (UDM) provides combined insight from Logs, Network and Endpoints. It organizes elements of data coming into RSA NetWitness from disparate sources via various methods into one, standardized data model. Analysts can now look for data concepts in one place, as defined by the Unified Data Model. This model is intuitive and provides immediate clarity to both analysts and content authors to use the data for writing Log/Packet parsers and Analytical content, such as Reports, Feeds, Alerts, and so on.

 

The Unified Data Model contains a list of all the Meta concepts available in the out-of-the-box RSA NetWitness® Platform. These keys should be used uniformly across the RSA NetWitness® Platform to get the most consistent results. The following illustration shows a high level view of how raw data enters RSA NetWitness and is transformed into meta data defined by the concepts in the Unified Data model. (Note: This does not represent the entire RSA NetWitness architecture;  it just lays out how meta flows through some services and the different configuration files involved in the process)

 

 

Meta Flow in the RSA NetWitness Platform

 

pastedImage_1.png

Next 

Documentation List
Product Documentation
RSA NetWitness® Suite Unified Data Model Available Concepts
Jul 27, 2021
RSA NetWitness® Suite Unified Data Model Glossary
Apr 21, 2021
RSA NetWitness® Suite Unified Data Model Meta Entities
Apr 21, 2021
Introduction to the RSA NetWitness® Platform Unified Data Model
Apr 21, 2021
RSA NetWitness® Suite Unified Data Model Discontinued Concepts
Feb 28, 2018
View All

On this page

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.