How to create a new Windows Legacy Collector lockbox in NetWitness
Issue
In some circumstances, it may be necessary to create a new lockbox password for the Windows Legacy Collector in NetWitness. An example of this would be when Event Sources cannot be added and the user is getting the error "Can't open lockbox."
Resolution
Please note that all stored passwords for the event sources will need to be re-entered after the new lockbox is created.
1. Log in as administrator to the Windows workstation where the Windows Legacy Collector is installed.
2. Make sure you can view hidden folders on the system.
3. Create a new directory in any location.
4. Move the files in C:\ProgramData\netwitness\ng\vault to the directory created in step 3.
5. Log in to the NetWitness UI and navigate to Admin -> Services.
6. Select the Log Collector service, click the gear dropdown in the Actions column, and go to View > Config.
7. Click on the Settings tab.
8. Leave the "Old Lockbox Password" field blank and enter a new password in the "New Lockbox Password" field.
9. Click Apply.
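Steps 3 and 4 can be scripted. The following PowerShell is an added example, not NetWitness code; the backup location C:\nw-vault-backup-<timestamp> and the Administrators/SYSTEM-only ACL are assumptions, chosen because the lockbox holds the event source passwords.

```powershell
# Added example (not vendor code): steps 3 and 4, run from an elevated prompt.
$ErrorActionPreference = 'Stop'
$vault  = 'C:\ProgramData\netwitness\ng\vault'     # path given in step 4
# Assumed backup location; keep it on the same volume as the vault.
$backup = 'C:\nw-vault-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date)

if (-not (Test-Path -LiteralPath $vault -PathType Container)) {
    throw "Vault directory not found: $vault"
}

# Hash every file first so the move can be verified. -Force includes hidden files.
$manifest = @(Get-ChildItem -LiteralPath $vault -Recurse -File -Force | ForEach-Object {
    [pscustomobject]@{
        RelativePath = $_.FullName.Substring($vault.Length).TrimStart('\')
        SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
})
if ($manifest.Count -eq 0) { throw "No files found in $vault" }

# Step 3: new directory, accessible only to Administrators and SYSTEM.
New-Item -ItemType Directory -Path $backup | Out-Null
& icacls.exe $backup /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed to restrict $backup" }

# Step 4: move the vault contents; the vault directory itself stays in place.
Get-ChildItem -LiteralPath $vault -Force | Move-Item -Destination $backup -Force

# Files moved within a volume keep their old ACLs; reset them to inherit from $backup.
& icacls.exe (Join-Path $backup '*') /reset /T /Q | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed to reset ACLs under $backup" }

# Confirm every file arrived intact before continuing with the UI steps.
$bad = @($manifest | Where-Object {
    $moved = Join-Path $backup $_.RelativePath
    -not (Test-Path -LiteralPath $moved) -or
        (Get-FileHash -LiteralPath $moved -Algorithm SHA256).Hash -ne $_.SHA256
})
if ($bad.Count) { throw "Verification failed for: $($bad.RelativePath -join ', ')" }
"Moved and verified $($manifest.Count) file(s) to $backup"
```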
Notes
To create a new lockbox on a Local Log Collector, refer to the knowledge base article: https://community.netwitness.com/t5/netwitness-knowledge-base/how-to-create-a-new-log-collector-lockbox-within-rsa-security/ta-p/677273
Product Details
NetWitness Product Set: Security Analytics, NetWitness Logs & Network
NetWitness Product/Service Type: Windows Legacy Collector
NetWitness Version/Condition: 11.x, 12.x
Platform: CentOS 7, AlmaLinux