NetWitness Community

EvyatarElmaliah · ‎2018-03-07

Hi,

I'm using NetWitness 11.0.

Is there any API to perform queries that will return if the query subject is linked to an event or alert or task?

For example if ip.src = 1.1.1.1 is linked to some event or alert?

Thanks!

JohnKisner · ‎2018-03-08

As of right now there is no way that I know of to perform the action you are looking for.

View solution in original post

JohnKisner · ‎2018-03-07

Evyatar,

To the best of my knowledge the REST interface is currently for the core services only. This means you can run queries via REST only against the brokers, concentrators, decoders and archivers. You can't run it against Response, Reporting Engine or Event Stream Analysis.

EvyatarElmaliah · ‎2018-03-08

Is there any other way (WebSockets for example) to get such data?

Thanks

JohnKisner · ‎2018-03-08

As of right now there is no way that I know of to perform the action you are looking for.

NikolayKlender · ‎2018-03-12

Is there any way to get Eventsources Alarms via rest api?

JohnKisner · ‎2018-03-12

Not at this time. The only way to get these alarms is to set them up to be sent out via SNMP, syslog or SMTP.

JohnKisner · ‎2018-06-13

Evyatar & Nikolay,

Some new information was given to me about the new API in 11.1. You can find it here: NetWitness Suite API User Guide for Version 11.1. It looks to be for accessing the Response service. So any alerts/incidents can be accessible via this API in 11.1. You may be able to use this API to find what you are looking for.

NetWitness Community

NetWitness REST API