2014-11-04 12:22 AM
Hello,
I would like to integrate a custom (third-party) malware analysis tool into the RSA Security Analytics Dashboard and display the analysis results along with the results provided by the many options of the Malware Analysis (Spectrum) appliance. I did not find a way to add a custom malware analysis tool, just to enable existing modules, such as GFI and ThreatGRID sandboxes, static analysis, AVs, etc. What I would like is to integrate a third-party analysis tool and then access the analysis results in the main dashboard of the RSA SA (e.g., under Investigation -> Malware Analysis).
Is this possible in the first place? If yes, is there a public API to achieve this integration? For instance, the Netwitness REST API was very useful in providing access to the incoming content to this third-party malware analysis tool, but I did not find any way to send the analysis results back.
Thank you!
2014-11-07 10:51 AM
I read a bit more about this and it seems that the integration of third-party malware analysis services into RSA Security Analytics is done through the syslog format. Does anyone have a pointer on how to configure the RSA Security Analytics appliance to accept logs from a third-party malware analysis appliance? I am fairly new to the RSA Security Analytics solution.
Thank you very much,
Cristi
2014-11-10 11:22 AM
I've been asking around and I don't believe there is currently any way to integrate the results into the Security Analytics User Interface.
2014-11-11 04:52 AM
Hi Seth,
Thanks a lot for looking into this. I do understand there is no API to integrate into the Security Analytics dashboard; however, I heard it is possible to integrate, to a lesser extent, the results from third-party tools like anti-viruses (probably via syslog). Is this accurate? If yes, it would be great if you had a pointer to the relevant documentation.
Thanks a lot for your help!