RSA NetWitness Playbooks
As a starting point for the Alert Triage and Prioritization use case, the Alert Processing – RSA NetWitness Platform playbook template enables the ingestion and processing of incidents and alerts from the RSA NetWitness Platform into ThreatConnect. The Playbook is triggered each time a new Incident is generated in RSA NetWitness. The Incident details and context are saved as a Case, and the Alerts are parsed and saved as Artifacts. The RSA NetWitness Platform – Respond Service app must be installed and configured before this Playbook is activated.
The Convert Signatures playbook creates a User Action trigger on Signature objects to convert a Sigma signature to an RSA NetWitness-formatted rule.
These Playbook templates can be found in the ThreatConnect App Catalog under the names Alert Processing – RSA NetWitness Platform and Convert Sigma Signature To RSA NetWitness.