RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.
RSA NetWitness Security Analytics
- Details
- Content
- Dependencies
- Version History
RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data.
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics |
Automations
| Name | Description |
|---|---|
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture |
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
Integrations
| Name | Description |
|---|---|
| RSA NetWitness Security Analytics | RSA Security Analytics, compatible with prior to v11. A distributed and modular system that enables highly flexible deployment architectures that scale with the needs of the organization. Security Analytics allows administrators to collect two types of data from the network infrastructure, packet data and log data. |
Automations
| Name | Description |
|---|---|
NetwitnessSAListIncidents | List NetWitness SA incidents. Filtering and sorting the list is also supported (see optional arguments). |
| NetwitnessSAGetAvailableAssignees | Returns the available NetWitness SA users to be assigned to incidents |
NetwitnessSAGetEvents | Returns all the RSA NetWitness SA events in the defined time range |
NetwitnessSAGetComponents | Get a list of components in the NetWitness architecture |
| NetwitnessSAAddEventsToIncident | This command will add new events to an existing NetWitness SA incident |
| NetwitnessSACreateIncident | Create an incident inside NetWitness SA from a set of NetWitness events. |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (0)
| Pack Name | Pack By |
|---|
1.0.7 - 3635034 (September 10, 2022)
- 21069
Download
Scripts
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python3:3.10.6.33415.
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python3:3.10.6.33415.
- 21069
Download
1.0.6 - 3208294 (July 5, 2022)
- 19803
Download
Scripts
NetwitnessSAListIncidents
- Fixed an issue where nw-list-incidents which is deprecated was used, was replaced by netwitness-im-list-incidents.
- Updated the Docker image to: demisto/python:2.7.18.27799.
NetwitnessSAGetAvailableAssignees
- Fixed an issue where nw-get-available-assignees which is deprecated was used, was replaced by netwitness-im-get-available-assignees.
- Updated the Docker image to: demisto/python:2.7.18.27799.
NetwitnessSAGetEvents
- Fixed an issue where nw-get-events which is deprecated was used, was replaced by netwitness-im-get-events.
- Updated the Docker image to: demisto/python:2.7.18.27799.
NetwitnessSAAddEventsToIncident
- Fixed an issue where nw-add-events-to-incident which is deprecated was used, was replaced by netwitness-add-events-to-incident.
- Updated the Docker image to: demisto/python:2.7.18.27799.
NetwitnessSAGetComponents
- Fixed an issue where nw-get-components which is deprecated was used, was replaced by netwitness-im-get-components.
- Updated the Docker image to: demisto/python:2.7.18.27799.
NetwitnessSACreateIncident
- Fixed an issue where nw-create-incident which is deprecated was used, was replaced by netwitness-im-create-incident.
- Updated the Docker image to: demisto/python:2.7.18.27799.
- 19803
Download
1.0.5 - 2836953 (April 28, 2022)
Integrations
RSA NetWitness Security Analytics
- Updated formatting of integration parameters.
1.0.4 - R2411339 (February 14, 2022)
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python:2.7.18.24398.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python:2.7.18.24398.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python:2.7.18.24398.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python:2.7.18.24398.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python:2.7.18.24398.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python:2.7.18.24398.
1.0.3 - 7567740 (September 12, 2021)
Scripts
NetwitnessSAAddEventsToIncident
- Updated the Docker image to: demisto/python:2.7.18.24066.
NetwitnessSACreateIncident
- Updated the Docker image to: demisto/python:2.7.18.24066.
NetwitnessSAGetAvailableAssignees
- Updated the Docker image to: demisto/python:2.7.18.24066.
NetwitnessSAGetComponents
- Updated the Docker image to: demisto/python:2.7.18.24066.
NetwitnessSAGetEvents
- Updated the Docker image to: demisto/python:2.7.18.24066.
NetwitnessSAListIncidents
- Updated the Docker image to: demisto/python:2.7.18.24066.
PUBLISHER
Cortex
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | September 10, 2022 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
