ThreatConnect Marketplace
  • Apps
  • Playbooks
  • Apps
  • Playbooks
Home » Playbook Overview » RSA Netwitness Playbooks
Back to Apps

Categories:
  • SIEM and Analytics
Built by

ThreatConnect

RSA Netwitness Playbooks

As a starting point for the Alert Triage and Prioritization use case, the Alert Processing – RSA NetWitness Platform playbook template enables the ingestion and processing of incidents and alerts from the RSA NetWitness Platform into ThreatConnect. The Playbook is triggered each time a new Incident is generated in RSA NetWitness. The Incident details and context are saved as a Case and the Alerts are parsed and saved as Artifacts. The RSA NetWitness Platform – Respond Service app is required to be installed and configured prior to activating this Playbook.

The Convert Signatures playbook creates a User Action trigger on Signature objects to convert a Sigma signature to an RSA NetWitness formatted rule. For more information on Sigma, please click here.

These Playbook templates can be found in the ThreatConnect App Catalog under the names: Alert Processing – RSA NetWitness Platform and Convert Sigma Signature To RSA NetWitness

Related Playbooks

Devo
SIEM and Analytics

With the Devo integration, customers have the ability to query their Devo instance

Elastic Security
SIEM and Analytics

With the Elastic Security integration users are able to utilize Kibana SIEM threat detection features with endpoint prevention...

ElasticSearch
SIEM and Analytics

With the Elasticsearch Playbook app and Service app, you can execute a search query and get back search hits that match the...

Developers

  • Knowledge Base
  • Training Site

Company

  • ThreatConnect
  • Contact Us
  • Blog
  • Twitter
  • Facebook
  • Linkedin

© Copyright - ThreatConnect Marketplace
Scroll to top