Requests for updating Internal Network Ranges or Known Port Scanners for NetWitness Insights

Issue

The customer sees traffic flow direction tagged incorrectly by Insight Cloud Analytics because the internal network uses IP addresses that would normally be reserved for external traffic and/or contains high-traffic port scanners.


Resolution

To correct the incorrectly tagged flow direction, update the NetWitness Insight Cloud Analytics system with the affected network IP addresses and port scanners as follows.

  1. Determine whether the incorrect traffic direction is due to the IP address ranges in use, to port scanners within the customer's network, or both.
  2. Create an email for the Cloud Ops Engineering group using the following distro: nw.cloudops@netwitness.com
  3. In the subject of the email, enter: CS Case number - Insight Update Request
  4. In the body of the email, create a section for each IP address type that needs to be updated, for example:

     Internal Network Ranges:
     10.1.10.0/24
     108.55.0.0/16

     Known Port Scanners:
     128.10.1.10
     190.12.3.18

  5. Let the customer know that the Cloud team has been updated. Give the customer a few business days for the changes to take effect and confirm the customer is seeing the changes.
  6. Once confirmed, close out the Support case.
  7. If there are issues, email the Cloud Ops distro for an update. If there is no response, reach out to your manager for assistance.
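
An added example (not NetWitness tooling and not part of the original article) for preparing the step 4 email body: it validates each entry, removes duplicates, and lists the internal ranges that fall outside private address space. The function name `build_request_body` is hypothetical, and treating non-private ranges as the ones being tagged as external is an assumption based on the Issue description.

```python
import ipaddress


def build_request_body(internal_ranges, port_scanners):
    """Validate the entries and return (email_body, public_ranges)."""
    nets = []
    for entry in internal_ranges:
        # strict=True rejects entries with host bits set, e.g. 10.1.10.5/24,
        # so a mistyped range is caught before it is sent to Cloud Ops.
        net = ipaddress.ip_network(entry.strip(), strict=True)
        if net not in nets:
            nets.append(net)

    scanners = []
    for entry in port_scanners:
        addr = ipaddress.ip_address(entry.strip())  # single hosts only
        if addr not in scanners:
            scanners.append(addr)

    # Assumption: internal ranges outside private address space are the
    # ones most likely to be mistaken for external traffic.
    public_ranges = [str(n) for n in nets if not n.is_private]

    lines = []
    if nets:
        lines.append("Internal Network Ranges:")
        lines += [str(n) for n in nets]
        lines.append("")
    if scanners:
        lines.append("Known Port Scanners:")
        lines += [str(a) for a in scanners]
    return "\n".join(lines).rstrip() + "\n", public_ranges


if __name__ == "__main__":
    # Sample values taken from the article's own example in step 4.
    body, public = build_request_body(
        ["10.1.10.0/24", "108.55.0.0/16"],
        ["128.10.1.10", "190.12.3.18"],
    )
    print(body)
    print("Public ranges used internally:", public)
```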

Product Details

NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: NetWitness Insight Cloud Analytics
NetWitness Version/Condition: 12.4.1 or later
Platform: Alma Linux, Cloud

Approval Reviewer Queue

Technical approval queue