NetWitness Community

Table of Contents

•   Release Notes
  •   Release Notes 11.7
  •   Release Notes 11.7.0.1
  •   Release Notes 11.7.0.2
  •   Release Notes 11.7.1
  •   Known Issues
  •   Security Fixes
•   Getting Started
  •   RSA NetWitness Platform
    •   Introduction
    •   User Roles
    •   Basic Navigation
    •   Logs and Network Investigation
    •   Endpoint Investigation
    •   User Entity Behavior Analysis
    •   Common Use Cases and Business Value
  •   Feeds, Parsers and Hunting Packs
    •   Content Quick Start Guide
    •   Network Data and Logs Hunting Guide
    •   UEBA Essentials Hunting Guide
    •   UEBA Essentials Hunting Pack
    •   Content Bundles (Packs)
    •   Investigation Model for Information Security Incident Response
    •   Investigation Feed
    •   Simple Feed Creation
    •   A Treatise on Writing Packet Parsers
    •   Log Parser Customization
    •   All RSA Content Information
•   Install and Upgrade
  •   Understand the Architecture and Plan
    •   Look at Deployment from a High Level
    •   Choose Your Deployment Options
    •   Review the Architecture and Ports
    •   Third-Party Licenses
  •   Understand Licenses
    •   Understand NetWitness Licenses
  •   Download RSA NetWitness Platform Software
    •   View All Downloads
  •   Install on a Physical Host
    •   Set up Hardware
    •   Physical Host Installation
    •   Create a Build Stick
    •   Configure and Allocate Storage
  •   Install on an On-Premise Host
    •   Install on an On-Premise Virtual Host
    •   Configure and Allocate Storage
    •   Deploy Health and Wellness (BETA) on a Dedicated Virtual Host
  •   Install in the Cloud
    •   Install on an AWS Instance
    •   Install on an Azure Virtual Machine
    •   Install on a Google Cloud Platform Instance
    •   Configure and Allocate Storage
  •   Install Endpoints
    •   About Insights and Advanced Endpoint Agents
    •   Install an Endpoint Server
    •   Install Endpoint Agents
    •   Install and Configure an Endpoint Relay Server
    •   Migrate Version 4.4.0.x to RSA NetWitness Platform
  •   Install Standalone UEBA Server
    •   Install NetWitness UEBA
    •   Integrate with Third-Party SIEM
  •   Install Platform Licenses
    •   Understand How Licensing Works
    •   Understand License Types
    •   Install Product Licenses
  •   Upgrade from 11.x to 11.x
    •   11.x Physical or Virtual Host to Version 11.7
•   Configure and Manage
  •   Basic Services
    •   Understand Hosts and Services
    •   Deploy Hosts and Install Services
    •   Services Configuration Properties
  •   Configure Live Services
  •   Configure Network Data Capture
    •   Configure a Network Decoder
    •   Configure a Broker or Concentrator
    •   Start and Stop Data Capture
    •   Filter Data and Set Up Alert Rules
    •   Configure Feeds and Parsers
    •   Configure Warehouse Connector
    •   Tuning your Core Database
  •   Configure Log Collection
    •   Capture Data
    •   Basic Log Collection
    •   Supported Event Sources
    •   Event Sources for Log Collection
    •   Search for Specific Event Sources
    •   Windows Legacy Collector
    •   Customize Log Parsers
    •   Edit Log Parsers
    •   Archive Log Data
    •   Configure Workbench
    •   Enable Endpoints for Log Collection
    •   Integration with LogStash
    •   Event Export Connector Installation and Configuration Guide
  •   Configure Endpoint Data Collection
    •   Configure the Endpoint Log Hybrid
    •   Forward Endpoint Data to a Log Decoder
    •   Define Agent Behavior
    •   Risk Score Calculation
    •   Monitor Endpoints outside Your Network
    •   NetWitness Endpoint 4.4
  •   Configure UEBA
  •   Configure Real-Time Analysis, Enrichment Lookup, and Automated Threat Detection
    •   Event Stream Analytics
    •   Best Practices for Writing ESA Rules
    •   Enrichment Lookup Capability
    •   Automated Threat Detection
  •   Configure Incident Management Capability
    •   Incident Response Settings
  •   Configure Application Settings
    •   Configure Access, Notification, Logging, Investigation, Live, and Syslog Settings
    •   Configure Your Dashboard
    •   Review the Dashboards Catalog
  •   Configure Reports
    •   Set Up RSA NetWitness for Report Generation
    •   Generate Reports
    •   Review Reports
    •   Review Core Compliance Reports
  •   Configure Security and User Access
    •   Secure the RSA NetWitness Platform Network
    •   Set Up System-Level Security Settings
    •   Change the Default Admin Password
    •   Configure External Authentication
    •   Configure PKI Authentication
    •   Use a Custom Server Certificate
    •   Manage Users with Roles and Permissions
    •   Implement Data Privacy
  •   Configure Your System
  •   Maintain the System
    •   Monitor Health and Wellness
    •   Monitor Health and Wellness Using Kibana
    •   Reissue Certificates
    •   Track License Usage
    •   Tune Core Database Performance
    •   Manage Periodic Backups and Incidental Restoring
•   Investigate and Respond
  •   Respond to Incidents
    •   Incident Management
    •   Use Case Examples
  •   Configure System and View Investigate Settings
    •   Configure Query and Session Attributes for Analysts
    •   Configure Global Default Settings and Limits for Investigate
    •   Configure Navigate and Legacy Events View Settings (User Preference)
    •   Configure Events View Settings (User Preference)
    •   Configure Malware Analysis View Settings (User Preference)
  •   Investigate Network Data and Logs
    •   Search for Text Patterns
    •   Use Query Hints in the Events View
    •   Conduct Malware Analysis
  •   Investigate Endpoints
    •   Investigate Endpoints
    •   Isolate a Host from the Network
  •   Analyze User and Entity Behavior
•   Integrate and Develop
  •   NetWitness Integrations
    •   Integrations Catalog
    •   Integrate with Archer
    •   Integrate with SecurID
    •   Integrate with NetWitness Endpoints
  •   Developer Tools
    •   NetWitness APIs
    •   RESTful API
    •   Core Services APIs
    •   Use the NwConsole
    •   Use the nw-shell Utility to Troubleshoot Operations