• Last Updated
    Jun 21, 2023
  • Version
    1.1.1
  • Compatibility
    ThreatQ versions >= 4.35.0
  • NetWitness Incidents CDF

    ThreatQuotient

    Overview

    The RSA NetWitness CDF for ThreatQuotient enables ThreatQ to automatically ingest incidents and their related indicators from RSA NetWitness.
    The integration ingests threat intelligence data from the following endpoints:

    • RSA NetWitness Incidents (Feed) - fetches all incidents from RSA NetWitness, within a given timeframe. Each incident will be parsed for metadata and related indicators, and the intelligence will be uploaded to ThreatQ.
    • Get API Token (Supplemental) - authenticates using user credentials to get back an access token used for each subsequent request.

    The integration ingests the following system object types:

    • Incidents
    • Incident Attributes
    • Indicators
    • Indicator Attributes
       

     

     

    Copyright © 2025, ThreatQuotient, Inc. All Rights Reserved. Privacy Policy