2017-08-07 02:18 PM
“Security vendors like …. RSA Security, are adding automation capabilities to security analytics platforms to increase operational efficiency and reduce response times,” according to a recent report from Forrester. (Reduce Risk And Improve Security Through Infrastructure Automation, published June 8, 2017)
It is possible to automate the security “grunt work.” The RSA NetWitness team is working to do just that by integrating with vendors like Swimlane and CyberSponse, both of which are RSA Ready Partners.
Vendors like Swimlane are building standalone SAO tools - security middleware to connect disparate device types, which, when integrated with RSA NetWitness, becomes even more powerful. Check out the Press Release for Swimlane and the Integration Guide.
CyberSponse continues to simplify Security Operations by announcing Interoperability & Out-of-the-Box Connectors for the RSA NetWitness® Product Suite. Check out the Press Release for CyberSponse and the Integration Guide.
More to come to eliminate the security "grunt work" and make it easier to secure your enterprises from the RSA Ready Partner team.
2017-08-08 01:43 PM
Thanks, Mary. What is the full capability of querying data? For instance, when querying for packets and/or logs, can Swimlane automatically detect the last event that the system sent (via log query, or querying the event source DB)?
2017-08-14 10:51 AM
Thanks for your question -- tracking down an exact answer. - Mary
2017-08-14 04:26 PM
Hello,
The capabilities are to receive a syslog alert from NetWitness and to query NetWitness for a given IP address or given timeframe. The latter two can be kicked off by either a manual or workflow-related trigger on the Swimlane side.
Please see the implementation guide for more details and continue to ask questions.
Mary