2020-09-22 08:07 AM
Hi,
Can anyone help me integrate CrowdStrike Falcon with RSA NetWitness?
2020-09-28 05:03 AM
Dear Ved,
I think there is no official document for the integration, but I found this link useful for integrating CrowdStrike with RSA NetWitness:
https://www.crowdstrike.com/blog/tech-center/integrate-with-your-siem/
Regards
Abdelrahman Mohammed
2020-09-28 10:27 AM
Hi Abdelrahman,
Thanks for your reply.
I have already gone through the same docs. If you have integrated CrowdStrike with NetWitness, can you please share your experience?
2020-09-30 02:11 AM
Hi Vid,
Unfortunately not yet, but we are planning to have it in our environment. Once we have it and have finalized the integration, I will share the steps.
Regards
Abdelrahman Mohammed
2020-09-30 05:33 PM
As a one-off integration that needs manual updating on an ad-hoc basis, CrowdStrike Falcon publishes threat IOCs in a native NetWitness feed format. The alternative is to pull the CrowdStrike IOCs into your threat intelligence platform and then point NetWitness towards that platform.
2023-02-16 10:16 AM
CrowdStrike issues them as a zip containing a *.feed. How do you implement that into the NetWitness system?