About Netwitness
NetWitness is a network security company that provides real-time network forensics, automated threat detection, response, and analysis solutions.
NetWitness XDR uses a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques, and threat intelligence, which helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle.
NetWitness integration with a SIRP streamlines threat detection and response, optimizing cybersecurity efficiency. This collaboration automates incident workflows, accelerates mitigation, and centralizes operations, fostering team collaboration for an agile and effective defense strategy.
Supported Actions
SIRP's Netwitness app allows you to execute the following actions:
S.no | Action | Description |
1 | Get Incident | Ingest Incidents from Netwitness |
2 | Get Alerts | Ingest Alerts from Netwitness |
3 | Update Incident | Update Incident Status |
4 | Add Note to Incident | Add Journal Entry to Incident |
5 | Assign User to Incident | Assign User to an Incident |
Create API User on Netwitness
To add an API user account and assign a role to the user:
In the Users tab, click the Add icon in the toolbar.
The Add User dialog is displayed.
Type the following account information for the new user:
Authentication Type: NetWitness is selected by default and is the correct choice when adding a local user.
Username for logging on to NetWitness
Email address
Password for logging on to NetWitness, in the Password and Confirm Password fields
Full Name of the new user
To assign a role to the user, click "+" in the Roles tab. The Add Role selection dialog shows the list of available roles. Select each role to assign and click Add.
Note: API users must belong to roles that have the integration-server.api access permission, as well as any underlying permissions required to fulfill the request.
Click Save. The Users tab shows the new user and each role assigned to the user. The user account is active immediately.
Enable the Netwitness App in SIRP
To enable the app, navigate to the Apps module in SIRP and search for Netwitness.
Enable the Netwitness app.
Add Netwitness configuration into SIRP
Parameter | Value |
Configuration Name | Any unique string value |
URL | |
Username | |
Password | |