RSA Netwitness Playbooks

As a starting point for the Alert Triage and Prioritization use case, the Alert Processing – RSA NetWitness Platform playbook template enables the ingestion and processing of incidents and alerts from the RSA NetWitness Platform into ThreatConnect. The Playbook is triggered each time a new Incident is generated in RSA NetWitness. The Incident details and context are saved as a Case and the Alerts are parsed and saved as Artifacts. The RSA NetWitness Platform – Respond Service app is required to be installed and configured prior to activating this Playbook.

The Convert Signatures playbook creates a User Action trigger on Signature objects to convert a Sigma signature to an RSA NetWitness formatted rule. For more information on Sigma, please click here.

These Playbook templates can be found in the ThreatConnect App Catalog under the names: Alert Processing – RSA NetWitness Platform and Convert Sigma Signature To RSA NetWitness

Categories:

ThreatConnect

RSA Netwitness Playbooks

Developers

Company

Categories:

ThreatConnect

RSA Netwitness Playbooks

Related Playbooks

Devo

SIEM and Analytics

Elastic Security

SIEM and Analytics

ElasticSearch

SIEM and Analytics

Developers

Company