List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments).
RSA NetWitness Security Analytics
- Details
- Content
- Dependencies
- Version History
RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.
Automations
| Name | Description |
|---|---|
NetwitnessSAListIncidents | |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident. |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Automations
| Name | Description |
|---|---|
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident. |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents. |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture. |
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.0.14 - 3023472 (March 31, 2025)
- 39077
Download
Scripts
NetwitnessSAGetEvents
- Metadata and documentation improvements.
NetwitnessSAGetAvailableAssignees
- Metadata and documentation improvements.
NetwitnessSACreateIncident
- Metadata and documentation improvements.
NetwitnessSAListIncidents
- Metadata and documentation improvements.
NetwitnessSAAddEventsToIncident
- Metadata and documentation improvements.
NetwitnessSAGetComponents
- Metadata and documentation improvements.
- 39077
Download
1.0.13 - R2989425 (March 26, 2025)
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
Scripts
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
1.0.12 - R1709192 (November 26, 2024)
- 32030
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
- 32030
Download
1.0.11 - R6592021 (October 13, 2023)
- 28088
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28088
Download
1.0.14 - 3042633 (April 2, 2025)
- 39077
Download
Scripts
NetwitnessSAGetEvents
- Metadata and documentation improvements.
NetwitnessSAGetAvailableAssignees
- Metadata and documentation improvements.
NetwitnessSACreateIncident
- Metadata and documentation improvements.
NetwitnessSAListIncidents
- Metadata and documentation improvements.
NetwitnessSAAddEventsToIncident
- Metadata and documentation improvements.
NetwitnessSAGetComponents
- Metadata and documentation improvements.
- 39077
Download
1.0.13 - R2989425 (March 26, 2025)
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
Scripts
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.11.10.115186.
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.11.10.115186.
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404
Download
1.0.12 - R1709192 (November 26, 2024)
- 32030
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.13.83255.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.13.83255.
- 32030
Download
1.0.11 - R6592021 (October 13, 2023)
- 28088
Download
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.12.63474.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.12.63474.
- 28088
Download
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | March 31, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
