Getting Started with Detect AI

To onboard NetWitness Detect AI, existing customers with NetWitness Platform version 11.5.2 or later can share their tenant administrative user details with the NetWitness Sales team. The NetWitness Sales team then onboards the first administrative user from your organization to kick-start the set up process. The administrative user then receives a welcome email that contains the NetWitness Detect AI access URL, a user name, and a temporary password. Ensure that you reset the password at the first login.

The following checklist includes the steps to set-up and use NetWitness Detect AI:

Before you Begin

  1. Ensure that you configure the actual time on the Cloud Link Service (Log Decoder Host). Sync the device Network Time Protocol (NTP) with the NTP service on the admin server. For more information on how to configure NTP Sever, see Configure NTP Servers.

  2. The host on which the Cloud Link Service will be installed needs to be connected to Amazon Web Services(AWS). This might require changes to your existing firewall rules. Hosts will need to connect to the IP ranges for the chosen deployment region. For more information on the current list of AWS IPs by region, see AWS IP address ranges.

  3. (Optional) Ensure that you configure the proxy settings from NetWitness Platform version 11.5.3 or later, before installing the Cloud link Service. For more information, see Configure the proxy for the Cloud Link Service.

Check Task Navigate To
checkbox 1. Understanding NetWitness Detect AI • NetWitness Detect AI Overview
• What use cases does NetWitness Detect AI address
• Detect AI Works
• Types of NetWitness Detect AI licenses
checkbox 2. Log in to your account and perform the initial set up tasks • Log in to your account
• Set up and manage administrators
• Enable multi-factor authentication for your account
checkbox 3. Understanding Cloud Link Service Cloud Link Service Overview
checkbox 4. Plan your Cloud Link Service installation Planning considerations for Cloud Link Service
checkbox 5. Install Cloud Link Service on Log Decoder (11.5.2 or later) Install Cloud Link Service
checkbox 6. Download the activation package Download the activation package
checkbox 7. Register the Cloud Link Service Register the Cloud Link Service
checkbox 8. Verify if the Cloud Link Service is working Verify if the Cloud Link Service is working
checkbox 9. Enable data transfer from Detect AI to NetWitness Platform Transfer Detect AI data to NetWitness platform
checkbox 10. Monitor Cloud Link Service Monitor the health of the Cloud Link Service
checkbox 11. (Optional) Enabling email and syslog notifications for Cloud Link Service Configure email or syslog notifications to monitor the service
checkbox 12. Updating the Cloud Link Service automatically Update the Cloud Link Service automatically
checkbox 13. (Optional) Delete Cloud Link Service if no longer required Delete Cloud Link Service
checkbox 14. Install Detect AI with an existing on-premise UEBA Install Detect AI with an existing on-premise UEBA
checkbox 15. (Optional) Configure proxy setting for the Cloud Link Service Configure the proxy for Cloud Link Service

After completing the set-up, you can perform several tasks to respond to threats reported by NetWitness Detect AI. For more information, see Investigate.

Video - Setting up Detect AI