RSA Netwitness

Posted: 15th April 2022
RSA Netwitness

Product Overview

RSA NetWitness Platform brings together evolved SIEM and threat defense solutions that deliver unsurpassed visibility, analytics, and automated response capabilities. These combined capabilities help security teams work more efficiently and effectively, up-leveling their threat hunting skills and enabling them to investigate and respond to threats faster, across their organization’s entire infrastructure—whether in the cloud, on-premises, or virtual.

Challenges Overcome Through Integration

With Recorded Future intelligence integrated into Netwitness, it becomes possible to add another layer of fidelity to alerts reducing false positives and increasing detection whilst simultaneously reducing triage time and increasing contextual awareness.

  • Correlated telemetry & intelligence
  • Contextualized enrichment
  • Rapid response
  • Increased fidelity
  • Reduced false positive ratios

Integration Description

Recorded Future arms you with real-time threat intelligence so you can proactively defend your organization against cyber attacks. With billions of indexed facts, and more added every day, Recorded Future’s patented Web Intelligence Engine continuously analyzes the entire web to give you unmatched insight into emerging threats.

Security Analytics imports the intelligence from Recorded Future and enhances the events collected from third party sources by appending threat intelligence to metadata when and where needed.

By using Netwitness Event Stream Analysis (ESA) for notification of the events, threat intelligence can be used to create alerts to advise security staff of potential malicious activity.

Context menu lookups within the investigator provides a quick pivot of the entity to review the threat details directly on the Recorded Future portal for rapid decision making during hunting and analysis sessions.