Respond Config: Manage Incidents in NetWitness SecOps Manager

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Oct 6, 2017
Version 8Show Document
  • View in full screen mode
 

If you want to manage incidents in RSA NetWitness® SecOps Manager instead of NetWitness Respond, you have to configure system integration settings in the Respond Server service Explore view. After you configure the system integration settings, all incidents are managed in NetWitness SecOps Manager. Incidents created before the integration will not be managed in NetWitness SecOps Manager.

Caution: If you are managing incidents in NetWitness SecOps Manager instead of NetWitness Respond, do not use the following in the Respond view: Incidents List view, Incident Details view, and Tasks List view. Do not create incidents from the Respond Alerts List view or from Investigate.

Prerequisites

  • NetWitness SecOps Manager 1.3.1.2 (NetWitness Suite11.0 will only work with NetWitness SecOps Manager 1.3.1.2.)

Procedure

Follow this procedure to configure Respond Server service settings to manage incidents in NetWitness SecOps Manager.

  1. Go to ADMIN > Services, select the Respond Server service, and select Actions icon > Config > Explore.
  2. In the Explore view node list, select respond/integration/export.
    Respond Server Explore view showing settings for NetWitness SecOps Manager integration
  3. In the archer-exchange-name field, type the NetWitness SecOps Manager exchange name.
    You will see a notice that the configuration was successfully updated.
  4. In the archer-sec-ops-integration-enabled field, select true.
    You will see a notice that the configuration was successfully updated.
    Incidents will be managed exclusively in NetWitness SecOps Manager.
Previous Topic:Obfuscate Private Data
You are here
Table of Contents > Additional Procedures for Respond Configuration > Manage Incidents in NetWitness SecOps Manager

Attachments

    Outcomes