RSA NetWitness® Platform is a modular, highly configurable platform, but here are some of the Azure use cases off the top of my head:
- Send Azure Monitor Activity and Diagnostic Logs to RSA NetWitness® Platform
- RSA NetWitness® Platform in Azure
  a. Full deployment in Azure
  b. Hybrid model combination of on-prem and Azure deployment
- RSA NetWitness® Platform, RSA NetWitness Orchestrator® and Azure Identity Protection
  a. RSA NetWitness® Platform
    i. Send Azure Active Directory Logs
    ii. Send Microsoft Graph Security Logs
    iii. Send Azure Identity Protection Logs
    iv. Alerting in RSA NetWitness® Platform based on UEBA
  b. RSA NetWitness Orchestrator®
    i. Playbook integration to RSA NetWitness Respond app to enrich Incident with information from RSA NetWitness Events app
    ii. Playbook integration to Microsoft Graph Security API
      1. Enrichment
      2. Perform action
    iii. Deploy Indicators to Microsoft Defender ATP and Azure Sentinel
    iv. Office 365 Phishing Investigation
    v. Triage Graph Security Alerts
Here are some supporting links:
https://community.rsa.com/community/products/netwitness/blog/2019/03/19/azure-monitor-netwitness-integration
Azure Install: Deployment Overview
https://threatconnect.com/news/threatconnect-integrates-with-microsoft-graph-security-api-to-strengthen-security-automat…
https://threatconnect.com/blog/threatconnect-and-microsoft-graph-integrate-seamlessly-with-the-microsoft-stack/
If you need any further assistance reach out to the RSA NetWitness Sales Team and they'll gladly work with you on a custom solution.