SIRP

NetWitness is a network security company that provides real-time network forensics automated threat detection, response, and analysis solutions.

Netwitness XDR uses a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques, and threat intelligence which helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle 

NetWitness integration with a SIRP streamlines threat detection and response, optimizing cybersecurity efficiency. This collaboration automates incident workflows, accelerates mitigation, and centralizes operations, fostering team collaboration for an agile and effective defense strategy.

SIRP's Netwitness app allows you to execute the following actions:

 To add an API user account and assign a role to the user:

- In the Users tab, click netwitness_icon-add.png in the toolbar.
- The Add User dialog is displayed.

- To add an API user account and assign a role to the user:
 - In the Users tab, click netwitness_icon-add.png in the toolbar.
 - The Add User dialog is displayed.

Type the following account information for the new user:

- Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user.
- Username for logging on to NetWitness
- Email address
- Password for logging on to NetWitness, in the Password and Confirm Password fields
- Full Name of the new user ​

To assign a role to the user, click "+" in the Roles tab. The Add Role selection dialog shows the list of available roles. Select each role to assign and click Add.

Note: The API users must belong to roles that have the <code>integration-server.api</code>. access permission, as well as any underlying permissions required to fulfill the request.

- Type the following account information for the new user:
 - Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user.
 - Username for logging on to NetWitness
 - Email address
 - Password for logging on to NetWitness, in the Password and Confirm Password fields
 - Full Name of the new user ​
- To assign a role to the user, click "+" in the Roles tab. The Add Role selection dialog shows the list of available roles. Select each role to assign and click Add.
 Note: The API users must belong to roles that have the <code>integration-server.api</code>. access permission, as well as any underlying permissions required to fulfill the request.

Click Save. The Users tab shows the new user and each role assigned to the user. The Users account is active immediately.

- Click Save. The Users tab shows the new user and each role assigned to the user. The Users account is active immediately.

To enable the Apps, navigate to the apps module in SIRP, and search for Netwitness

- To enable the Apps, navigate to the apps module in SIRP, and search for Netwitness
- Enable the Netwitness app.

S.no	Action	Description
1	Get Incident	Ingest Incidents from Netwitness
2	Get Alerts	Ingest Alerts from Netwitness
3	Update Incident	Update Incident Status
4	Add Note to Incident	Add Journal Entry to Incident
5	Assign User to Incident	Assign User to an Incident

Parameter	Value
Configuration Name	Any unique string value
URL	`URL` where your Netwitness is accessible
Username	`Username` of the API User
Password	`password` of the API USer

About Netwitness

Supported Actions

Create API User on Netwitness

Enable the Netwitness App in SIRP