RSA NetWitness Security Analytics

Name	Description
NetwitnessSAListIncidents	List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).
NetwitnessSAGetComponents	Get a list of components in the NetWitness architecture.
NetwitnessSAGetEvents	Returns all the RSA NetWitness SA events in the defined time range.
NetwitnessSACreateIncident	Create an incident inside NetWitness SA from a set of NetWitness events.
NetwitnessSAGetAvailableAssignees	Returns the available NetWitness SA users to be assigned to incidents.
NetwitnessSAAddEventsToIncident	This command will add new events to an existing NetWitness SA incident.

Name

Description

NetwitnessSAListIncidents

List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).

NetwitnessSAGetComponents

Get a list of components in the NetWitness architecture.

NetwitnessSAGetEvents

Returns all the RSA NetWitness SA events in the defined time range.

NetwitnessSACreateIncident

Create an incident inside NetWitness SA from a set of NetWitness events.

NetwitnessSAGetAvailableAssignees

Returns the available NetWitness SA users to be assigned to incidents.

NetwitnessSAAddEventsToIncident

This command will add new events to an existing NetWitness SA incident.

Name	Description
RSA NetWitness Security Analytics	RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.

Name

Description

RSA NetWitness Security Analytics

RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.

Name	Description
NetwitnessSACreateIncident	Create an incident inside NetWitness SA from a set of NetWitness events.
NetwitnessSAGetEvents	Returns all the RSA NetWitness SA events in the defined time range.
NetwitnessSAListIncidents	List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).
NetwitnessSAGetComponents	Get a list of components in the NetWitness architecture.
NetwitnessSAGetAvailableAssignees	Returns the available NetWitness SA users to be assigned to incidents.
NetwitnessSAAddEventsToIncident	This command will add new events to an existing NetWitness SA incident.

Name

Description

NetwitnessSACreateIncident

Create an incident inside NetWitness SA from a set of NetWitness events.

NetwitnessSAGetEvents

Returns all the RSA NetWitness SA events in the defined time range.

NetwitnessSAListIncidents

List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).

NetwitnessSAGetComponents

Get a list of components in the NetWitness architecture.

NetwitnessSAGetAvailableAssignees

Returns the available NetWitness SA users to be assigned to incidents.

NetwitnessSAAddEventsToIncident

This command will add new events to an existing NetWitness SA incident.

Name	Description
RSA NetWitness Security Analytics	RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.

Name

Description

RSA NetWitness Security Analytics

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

Scripts

NetwitnessSAGetComponents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

NetwitnessSAAddEventsToIncident

Updated the Docker image to: demisto/python3:3.12.8.3296088.

NetwitnessSACreateIncident

Updated the Docker image to: demisto/python3:3.12.8.3296088.

NetwitnessSAGetEvents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

NetwitnessSAListIncidents

Updated the Docker image to: demisto/python3:3.12.8.3296088.

NetwitnessSAGetAvailableAssignees

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	March 22, 2026

RSA NetWitness Security Analytics

Scripts

NetwitnessSAGetComponents

NetwitnessSAAddEventsToIncident

NetwitnessSACreateIncident

NetwitnessSAGetEvents

NetwitnessSAListIncidents

NetwitnessSAGetAvailableAssignees

Scripts

NetwitnessSAGetEvents

NetwitnessSAGetAvailableAssignees

NetwitnessSACreateIncident

NetwitnessSAListIncidents

NetwitnessSAAddEventsToIncident

NetwitnessSAGetComponents

Scripts

NetwitnessSACreateIncident

NetwitnessSAListIncidents

NetwitnessSAGetComponents

NetwitnessSAGetEvents

NetwitnessSAGetAvailableAssignees

NetwitnessSAAddEventsToIncident

Scripts

NetwitnessSAGetComponents

NetwitnessSAAddEventsToIncident

NetwitnessSACreateIncident

NetwitnessSAGetEvents

NetwitnessSAListIncidents

NetwitnessSAGetAvailableAssignees

Scripts

NetwitnessSAGetEvents

NetwitnessSAGetAvailableAssignees

NetwitnessSACreateIncident

NetwitnessSAListIncidents

NetwitnessSAAddEventsToIncident

NetwitnessSAGetComponents

Scripts

NetwitnessSACreateIncident

NetwitnessSAListIncidents

NetwitnessSAGetComponents

NetwitnessSAGetEvents

NetwitnessSAGetAvailableAssignees

NetwitnessSAAddEventsToIncident

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER