This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ArcSight ESM - RSA NetWitness Suite Integration Guide

Anonymous
Not applicable
‎2017-02-03 03:24 PM

The 'NetWitness-ArcSight_Integrations' Zipped archive will contain documentation, required references and import files to create integrations between ArcSight ESM and NetWitness. It is broken down into three main integrations:

  1. Right-Click lookup functionality from ArcSight allowing an analyst to pivot to NetWitness and perform an investigation using one of the following queries:
    • Filename
    • SessionID
    • Source Address (IP)
    • Destination Address (IP)
    • Source Address (IP) and Destination Address (IP) Combination
    • Source Address (IP) and Destination Hostname Combination
    • Source Address (IP) and Destination TCP/UDP Port Combination
    • ESA Alert originating event callback (using Decoder ID, RID & SessionID)
  2. A Custom CEF Formatted ESA Notification Template and associated Global Notification Configuration to stream alert information to an ArcSight Syslog SmartConnector. This template will use the following mapping table:
  3. A Reporting Engine Alert CEF Syslog Template
NetWitness-ArcSight_Integrations.zip
NetWitness-ArcSight_Integrations.zip
1017 KB
© 2022 RSA Security LLC or its affiliates. All rights reserved.