How to approach in RSA Netwitness for the 'unknown' or 'undefined' logs February 7, 2017 Issue: This article provides the steps to check or verify the unknown or undefined logs in...
Script - NwConsole whatiswrong February 3, 2017 One of my favorite troubleshooting commands as well as a method to archive and export configuration...
Logs - Collecting Windows Events with WEC January 30, 2017 A customer had asked me if it was possible to collect logs centrally using WEC (Windows Event...
Logs - New Windows Security Event ID's January 27, 2017 Looks like Windows 10 has introduced some new Security event ID's as well as modified the content...
Script to Compile SA Inventory and Configuration Information (SA_Enviro_Check.sh) January 27, 2017 UPDATED 2-1-2017 to Version 0.4 Changelog: 1-20-2017 (0.2) : Added capability to auto-populate all...
Threat Detection - Update (Jan 2017) January 25, 2017 If you didn't catch Saket's update about Log Parsers, be sure to look at all the improvements they...
Log Parser Improvements - Update (Jan 2017) January 24, 2017 The RSA Live Content team has published updates for 6 more Log Parsers that generate the largest...
RSA NetWitness Suite Customer Summit January 18, 2017 Please join us for the RSA NetWitness Suite Customer Summit at the RSA Conference 2017 in San...
Context Menu - VirusTotal Hash Lookup January 16, 2017 Let's say you have NetWitness packet capture and you are at the point where you have located a...
LUA Parser to deal with Alternative Syslog formats January 13, 2017 I have a customer who uses something called a "Data Diode" to enforce one way connectivity through...