Live
How do you know if your network is communicating with clear and present threats to your data?
Do you have access to reliable and timely intelligence to expose actual risk to your information?
How can you improve the efficiency of your incident detection and response processes?

NetWitness Live is an online, 24x7 intelligence service that provides immediate access to multi-source threat-intelligence and reputational content for your NetWitness infrastructure. Organizations require the ability to determine real-time risk to electronic operations, intellectual property, and customer data flows. NetWitness Live enables automated fusion of live data from your existing NetWitness infrastructure with current threat intelligence feeds, giving you unmatched visibility into rapidly advancing risks, and strengthening your ability to identify and prioritize changes to your internal and external threat landscape.

Key Features and Benefits:
  • Proactively optimize and automate insight into advanced threats
  • Reduce time to identify, assess and respond to incidents, improve staff efficiency and time to incident closure
  • Real-time, reliable and credible multi-source threat intelligence
  • Definitively classify computers associated with illegal, 3rd party exploits, open proxies, worms/viruses, spam engines, BOTs, and other current and zero-day exploits
  • Synchronize with verified NetWitness content derived from best of breed data feeds

NetWitness Live Resources

Threat Intelligence
For the first time, NetWitness Live provides public and private organizations the real-time ability to navigate the full content of network threat intelligence from multiple, globally-distributed threat intelligence sources. Unlike other services which focus on single source intelligence, NetWitness Live enables users to tailor their data feeds according to their environment and threat profile. NetWitness has partnered with multiple data providers from the open-source, research, and the commercial communities to provide the most comprehensive threat intelligence available. These sources include: SANS Internet Storm Center, SRI Malware Threat Center, ShadowServer, U.S. Department of Treasury, MyNetWatchman, and others. Additional threat feeds will be incorporated on a regular and ongoing basis. Both Basic and Premium threat feeds are available to NetWitness customers with enterprise appliance infrastructures. Please see your NetWitness sales representative for more information.

NetWitness Live Threat Intelligence is powered in part by:
SANS Internet Storm Center SRI Malware Threat Center ShadowServer SpamHaus

NetWitness Identity
NetWitness Live now provides the conduit to integrate domain user identity with your NetWitness NextGen infrastructure. Managed through NetWitness Live Manager, you can now integrate domain login events with NextGen to create a definitive intelligence list of users correlated to IP addresses. When this data is loaded into NextGen users are provided with instant knowledge of a persons network activity and identity.

Available content may also include:
  • Baseline or new and improved Informer reports and rules
  • Newly developed FlexParsers
  • Static Feeds
  • Future software modules

Get NetWitness Live Free!

Investigator Freeware users have access to a subset of Live data through the latest version. From the Welcome page in Investigator simply click to download the latest feed from SANS or rules from NetWitness for inclusion into Investigator.

System Requirements:
  • Windows® 2003 Server
  • Internet Explorer 7+
  • 1 Ethernet Port
  • Licensed NetWitness Investigator & Supporting NextGen capture infrastructure

Call 703-889-8950 or contact sales@netwitness.com for more information about NetWitness® Live and the NextGen™ product suite.



 Support Community Blog