This command will add new events to an existing NetWitness SA incident.
RSA NetWitness Security Analytics
- Details
- Content
- Dependencies
- Version History
RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.
Automations
| Name | Description |
|---|---|
| NetwitnessSAAddEventsToIncident | |
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Automations
| Name | Description |
|---|---|
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident. |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.0.13 - 1718057 (November 28, 2024)
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
Scripts
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
1.0.12 - R1709192 (November 26, 2024)
- 32030
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
- 32030
Download
1.0.11 - R6592021 (October 13, 2023)
- 28088
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28088
Download
1.0.9 - 5318720 (May 21, 2023)
- 26365
Download
Scripts
NetwitnessSAAddEventsToIncident
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
NetwitnessSACreateIncident
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
NetwitnessSAListIncidents
- Added the
skipprepareattribute to prevent scripts and tasks containing the word incident from being replaced with the word alert. - Updated the Docker image to: demisto/python3:3.10.11.58677.
- 26365
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | November 28, 2024 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
