
Jun 21, 2023
1.1.1
ThreatQ versions >= 4.35.0
NetWitness Incidents CDF
Overview
The RSA NetWitness CDF for ThreatQuotient enables ThreatQ to automatically ingest incidents and their related indicators from RSA NetWitness.
The integration ingests threat intelligence data from the following endpoints:
- RSA NetWitness Incidents (Feed) - fetches all incidents from RSA NetWitness within a given timeframe. Each incident is parsed for metadata and related indicators, and the resulting intelligence is uploaded to ThreatQ.
- Get API Token (Supplemental) - authenticates with user credentials to obtain an access token, which is used for each subsequent request.
The integration ingests the following system object types:
- Incidents
- Incident Attributes
- Indicators
- Indicator Attributes