ESM: NetWitness Event Sources

Document created by RSA Information Design and Development on Apr 10, 2019
Version 1Show Document
  • View in full screen mode

Event sources are network sources that send information about events to the RSA NetWitness® Platform. They can be physical devices, such as laptops, network switches or firewall, and virtual or cloud-based applications, such as VMware. For example:

  • An Apache HTTP Server
  • Amazon Web Services CloudTrail
  • A Barracuda Web Application Firewall
  • A connection to Dropbox
  • An Oracle Database
  • A VMware vCenter Server

You first configure all of your event sources so that they can communicate with the NetWitness Platform. RSA provides configuration guides for many common event sources, using a variety of collection methods (such as Syslog or file collection). After you have your event sources configured, use the information in this guide to manage them going forward.

You are here
Table of Contents > NetWitness Event Sources