The RSA NetWitness CDF for ThreatQuotient enables ThreatQ to automatically ingest incidents and their related indicators from RSA NetWitness.
The integration ingests threat intelligence data from the following endpoints:

• RSA NetWitness Incidents (Feed) - fetches all incidents from RSA NetWitness, within a given timeframe. Each incident will be parsed for metadata and related indicators, and the intelligence will be uploaded to ThreatQ.
• Get API Token (Supplemental) - authenticates using user credentials to get back an access token used for each subsequent request.

The integration ingests the following system object types:

• Incidents
• Incident Attributes
• Indicators
• Indicator Attributes