List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).
RSA NetWitness Security Analytics
- Details
- Content
- Dependencies
- Version History
RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.
Automations
| Name | Description |
|---|---|
NetwitnessSAListIncidents | |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Automations
| Name | Description |
|---|---|
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident. |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.0.12 - 752611 (January 9, 2024)
- 32030
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
- 32030
Download
1.0.11 - R6592021 (October 13, 2023)
- 28088
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28088
Download
1.0.9 - 5318720 (May 21, 2023)
- 26365
Download
Scripts
NetwitnessSAAddEventsToIncident
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
NetwitnessSACreateIncident
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
NetwitnessSAListIncidents
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
- 26365
Download
1.0.7 - R4718798 (March 1, 2023)
- 21069
Download
Scripts
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.6.33415.
- 21069
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | January 9, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
