This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

RSA SA alerts pushed to RSA Orchestrator

AbuFaizal3
Beginner
Beginner

‎2018-05-24 08:40 AM

Hi Team,

 

i would like to achieve, without rules on ESA , alerts need to be pushed to orchestrator  

 

example:- all malicious url which is represented by SA , need automate to check URL reputation in rsa orchestrator 

 

Can anyone help please 

Labels:
0 Likes
1 REPLY 1

EricPartington
Employee
Employee

‎2018-05-24 08:51 AM

If you aren't using ESA for alerts, where are your alerts coming from? RE > Alerts?

 

If your ‘alerts' are queries or meta drills then use the integration from orchestrator to query for that drill and pul l those events into Orchestrator and check the URL  against your references.  I would doubt that using this as a means to perform ‘proxy' like reputation checking at scale is the best idea… probabaly better ways to do that.  If your checking is for a limited numbers then you might be able to get away with it.

 

If you aren't using IM or Respond then you aren't going to ‘push' anything to Orchestrator.  It will be a pull from Orchestrator based on a query criteria to  potentially create an incident based on information you grab.

 

 

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.