How to use REST to extract a PCAP for a specific query in NetWitness
Resolution
For step-by-step instructions on exporting a PCAP file for a specific query against a NetWitness Concentrator, as well as on obtaining meta values for a particular session, refer to the attached document.
Product Details
RSA Product Set: NetWitness
RSA Product/Service Type: Concentrator, Broker, Decoder
O/S Version: CentOS/AlmaLinux
Summary
This article provides instructions on how to export a PCAP for a specific query and how to get meta values for a particular session on an RSA Security Analytics Concentrator or Broker.
Attachments:
Use_REST_to_Export_PCAP_from_Query.pdf