RSA NetWitness® Orchestrator Supported Interoperabilities

Document created by RSA Link Team Employee on Mar 6, 2018
Last modified by RSA Link Team Employee on Dec 21, 2018
Version 15
Vendor Name | Interoperability Description
Active Directory Authentication | Query Active Directory for user and system details using different attributes like email, username, system name, etc.
Active Directory Query | Query Active Directory for user, computer and other objects in real time from RSA NetWitness Orchestrator's automated playbooks.
AlgoSec | RSA NetWitness Orchestrator integrates with AlgoSec BusinessFlow, Firewall Analyzer, and FireFlow.
AlienVault OTX | RSA NetWitness Orchestrator integrates with AlienVault OTX to enable data enrichment and IOC hunting.
Amazon Web Services | RSA NetWitness Orchestrator integrates with AWS for managing images, snapshots, and instances.
Anomali | RSA NetWitness Orchestrator integrates with ThreatStream for forensics and malware analysis.
Blockade | Blockade brings antivirus-like capabilities to users who run the Chrome browser, blocking malicious resources from being viewed or loaded inside of the browser.
Blue Turtle | Blue Turtle is one of South Africa’s leading enterprise technology management companies, focused on IT and Service Management solutions.
BMC RemedyOnDemand | RSA NetWitness Orchestrator integrates with RemedyOnDemand for ticket management.
Box | RSA NetWitness Orchestrator integrates with Box to manage Box users.
Carbon Black Defense | Next-generation antivirus + EDR in one cloud-delivered platform that stops a range of malware and non-malware attacks.
Carbon Black Enterprise Protection | Reduced risk and exposure by automating response to security incidents and using rich endpoint data from Carbon Black and automated playbooks from RSA NetWitness Orchestrator.
Carbon Black Enterprise Response | Query and take action across your enterprise using Carbon Black Live Response from RSA NetWitness Orchestrator's playbooks.
Censys | Censys lets researchers find specific hosts and create aggregate reports on how devices, websites, and certificates are configured and deployed.
Check Point Firewall | Automatically update IOC blacklist and change firewall policy from RSA NetWitness Orchestrator Enterprise based on the incident investigation data.
Check Point SandBlast | RSA NetWitness Orchestrator integrates with Check Point SandBlast to help prevent malware and zero-day attacks.
Check Point SandBlast Appliance | This integration allows you to query, upload and download data using Check Point SandBlast on a local gateway.
Cisco AMP | AMP continuously analyzes file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.
Cisco CloudLock | Cloudlock is a cloud-native CASB that helps protect your cloud users, data, and apps.
Cisco Email Security | RSA NetWitness Orchestrator integrates with Cisco Email Security to protect against ransomware, business email compromise, spoofing, and phishing.
Cisco Meraki | RSA NetWitness Orchestrator integrates with Cisco Meraki for device and firewall management.
Cisco Spark | RSA NetWitness Orchestrator integrates with messaging platform Cisco Spark for user and team management.
Cisco Threat Grid | Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Cisco Umbrella Investigate | Cisco Umbrella Investigate provides a complete view of Internet domains, IP addresses, and systems to pinpoint attackers’ infrastructures and predict future threats.
Confer | Collect alerts from Confer and create incidents inside of RSA NetWitness Orchestrator.
Credence Security | Cyber and IT security technologies and solutions that protect organisations against advanced persistent threats, malicious adversaries and internal malpractice.
CrowdStrike Falcon Host | Automatically check reputation of files, URLs and IP addresses, query endpoints for rich forensics data and take actions back via RSA NetWitness Orchestrator playbooks and from the investigation war-room.
CrowdStrike Falcon Intel | Automatically check reputation of files, URLs and IP addresses, query endpoints for rich forensics data and take actions back via RSA NetWitness Orchestrator playbooks.
CrowdStrike Falcon Streaming | RSA NetWitness Orchestrator integrates with the Falcon Streaming API to provide a constant source of information for real-time threat detection and prevention.
Cuckoo | Analyze malware using the open source Cuckoo sandbox via automated playbooks.
CVE Search | RSA NetWitness Orchestrator integrates with CVE Search for vulnerability management.
CyberArk | RSA NetWitness Orchestrator integrates with CyberArk Application Identity Manager for accounts and credentials.
Cybereason | This integration enables search for connections and processes on Cybereason.
Cylance | Automatically check the threat intelligence of files and hashes with the Cylance Infinity API.
Cylance | RSA NetWitness Orchestrator integrates with Cylance Infinity for threat intelligence.
Cysec Cyber Security | Cysec specializes in information security and data communication, providing integration and consulting for a range of technologies.
Dell SecureWorks | RSA NetWitness Orchestrator integrates with Dell SecureWorks to enable ticket management with Dell's Counter Threat Operations Center.
Digital Shadows | Digital Shadows monitors and manages an organization's digital risk across the widest range of data sources within the open, deep, and dark web.
doIT Solutions | doIT solutions GmbH offers turnkey IT security and networking solutions and handles IT projects from the early stage to conception, implementation, and operation.
Domain Tools | Query cyber threat intelligence data about domains, IPs and URLs from DomainTools.
DRS | ICT services and solutions provider specialising in providing innovation and agility in security, risk management and governance.
Duo Access | Duo is a comprehensive security solution that confirms the identity of users and health of their devices before they connect to your applications.
DynTek | Optimizing your enterprise through the convergence of business and IT strategy.
Elasticsearch | Run custom and pre-defined queries against your Elasticsearch instance to look for IOCs, analyze logs or perform other tasks.
Endgame | Endgame enables endpoint protection built to stop advanced attacks before damage and loss occurs.
EWS | Search and delete malicious email using the EWS API from within RSA NetWitness Orchestrator playbooks.
Exabeam | Automatically enrich incident data with user risk score and complete session details from Exabeam and trigger responses to watchlist based on investigation.
F5 Networks | RSA NetWitness Orchestrator integrates with F5 for firewall policy management.
Farsight Security | RSA NetWitness Orchestrator integrates with Farsight Security to access real-time and historical Passive Domain Name System data.
FireEye AX | RSA NetWitness Orchestrator integrates with FireEye AX for malware analysis.
FireEye iSight | RSA NetWitness Orchestrator integrates with FireEye iSight for threat intelligence.
Forcepoint CASB | RSA NetWitness Orchestrator integrates with Forcepoint CASB to provide visibility and control over sanctioned and unsanctioned cloud apps.
Forcepoint Triton | Automatically whitelist and blacklist web URLs in Forcepoint Triton from within RSA NetWitness Orchestrator playbooks.
Giphy | RSA NetWitness Orchestrator integrates with Giphy for displaying GIFs in the War Room to enhance discussions.
Google Apps | RSA NetWitness Orchestrator integrates with both GSuite and Admin API for authentication and messaging.
GRR | RSA NetWitness Orchestrator integrates with GRR to enable Rapid Response framework for investigations.
GuardiCore | RSA NetWitness Orchestrator integrates with GuardiCore to provide data center breach detection.
Guidance EnCase | RSA NetWitness Orchestrator integrates with EnCase to request scans of specific endpoints.
Have I Been Pwned? | RSA NetWitness Orchestrator integrates with Have I Been Pwned? to check whether emails or domains have been compromised in recent breaches.
IBM XFE | Check for reputation of IP addresses, URLs and files using the IBM X-Force Exchange database from automated playbooks and war-room.
Icebrg | Icebrg reduces risk by accelerating threat detection, triage, and response to rapidly-evolving breaches across global networks.
iDefense | RSA NetWitness Orchestrator integrates with iDefense for contextual, timely, and actionable security intelligence.
Imperva | RSA NetWitness Orchestrator integrates with Incapsula to manage sites and IPs.
Intsights | IntSights delivers rapid, accurate cyberthreat intelligence and incident mitigation in real time.
ipinfo | RSA NetWitness Orchestrator integrates with the API to get data about an IP address.
IsItPhishing | Collaborative web service that provides validation on whether a URL is a phishing page.
Jamf | RSA NetWitness Orchestrator integrates with Jamf for comprehensive device management.
Jira Software | RSA NetWitness Orchestrator integrates with Jira for ticket management.
Joe Security Sandbox | RSA NetWitness Orchestrator integrates with Joe Security Sandbox to automate detonation and malware analysis.
Kafka | Kafka is an open-source distributed streaming platform.
Kenna | Kenna is a Risk Intelligence & Vulnerability platform that enables InfoSec teams to prioritize and remediate vulnerabilities faster.
Koodous | Check Android app samples against the Koodous API using this integration.
Lastline Analyst | RSA NetWitness Orchestrator integrates with Lastline Analyst for advanced malware isolation and inspection.
Lockpath | RSA NetWitness Orchestrator integrates with Keylight, an enterprise GRC platform with tools for managing risk and compliance.
LogRhythm | Create incidents from alarms in LogRhythm automatically and search for logs from within the RSA NetWitness Orchestrator interface.
Mail Listener | Automatically create incidents from the emails in a security mailbox. Custom parsers can trigger different types from the same mailbox.
Mail Sender | Automatically send notification emails for task assignment, incident assignment or other actions from RSA NetWitness Orchestrator.
Malwr | Analyze files in the Malwr sandbox using this integration.
McAfee Active Response | RSA NetWitness Orchestrator integrates with McAfee Active Response for comprehensive endpoint detection and response.
McAfee Advanced Threat Defense | RSA NetWitness Orchestrator integrates with McAfee Advanced Threat Defense for protection against stealthy, zero-day malware.
McAfee DAM | RSA NetWitness Orchestrator integrates with McAfee Database Activity Monitoring for real-time, reliable protection for business-critical databases.
McAfee ePO | RSA NetWitness Orchestrator integrates with McAfee ePolicy Administrator for unified policy management.
McAfee ESM | Import critical alerts from McAfee ESM as incidents into RSA NetWitness Orchestrator and automate response actions.
McAfee NSM | RSA NetWitness Orchestrator integrates with McAfee NSM for simple, centralized control for distributed network security appliances.
McAfee Threat Intelligence Exchange | RSA NetWitness Orchestrator integrates with McAfee Threat Intelligence Exchange to optimize threat detection and response.
McAfee Web Gateway | McAfee Web Gateway delivers high-performance web security through an on-premises appliance that can be deployed both as dedicated hardware and a virtual machine.
Micro Focus | Micro Focus (specifically, ArcSight) integrates with RSA NetWitness Orchestrator through its ESM SIEM and events logger, allowing seamless creation and update of events.
Micro Focus Service Support Manager | RSA NetWitness Orchestrator integrates with Micro Focus Service Support Manager for automated IT Service Management.
Microsoft SQL Server | This integration enables queries to the MSSQL server.
Mimecast | RSA NetWitness Orchestrator integrates with Mimecast for unified email management.
MISP | RSA NetWitness Orchestrator integrates with the Malware Information Sharing Platform for threat information sharing.
Moloch | Moloch is a large scale, open source, full packet capturing, indexing, and database system.
MXToolBox | This integration enables access of MX records, DNS, blacklists and SMTP diagnostics in one integrated tool.
MySQL | Run SQL queries for gathering rich information against any MySQL database.
Navilogic | Navilogic is a dedicated team of experienced, certified professionals with deep knowledge of enterprise and IT programs, services and technologies.
Nessus | Nessus is a vulnerability scanner for auditors and security analysts by Tenable Network Security.
nmap | RSA NetWitness Orchestrator integrates with nmap to run scans with the given parameters.
Okta | RSA NetWitness Orchestrator integrates with Okta's cloud based identity management service.
OpenPhish | OpenPhish uses proprietary AI algorithms to automatically identify zero-day phishing sites and provide actionable, real-time threat intelligence.
OpsGenie | RSA NetWitness Orchestrator integrates with OpsGenie for alerting and incident management for Dev and Ops teams.
OPSWAT Metadefender | The Metadefender multi-scanning engine uses 30+ anti-malware engines to scan files for threats, significantly increasing malware detection.
OSXCollector | Collect rich forensics data from Mac OSX endpoints using the RSA NetWitness Orchestrator and OSXCollector integration.
PagerDuty | Get the user on call or trigger PagerDuty alerts from RSA NetWitness Orchestrator.
Palo Alto AutoFocus | RSA NetWitness Orchestrator integrates with AutoFocus for threat intelligence, analysis, and prevention workflows.
Palo Alto LightCyber Magna | RSA NetWitness Orchestrator's integration with LightCyber empowers you to stop active attackers and malware operating inside your network.
Palo Alto Panorama | RSA NetWitness Orchestrator integrates with Palo Alto Panorama for network security and firewall management.
Palo Alto WildFire | Automate data enrichment and analysis with RSA NetWitness Orchestrator's playbooks and Palo Alto Networks' WildFire.
Payload Security | RSA NetWitness Orchestrator integrates with VxStream Sandbox from Payload Security for fully automated malware analysis.
Performanta | Performanta, the global purple tribe, delivering the bedrock of quality managed cyber security services and consulting to our customers, enabling them to do business safely.
PhishMe | RSA NetWitness Orchestrator integrates with PhishMe for human-vetted, phishing-specific threat intelligence.
PhishTank | RSA NetWitness Orchestrator integrates with PhishTank to check URL reputation.
Pipl | Automatically search for people details based on various attributes like email.
PostgreSQL | This integration allows users to query the PostgreSQL database.
ProtectWise | RSA NetWitness Orchestrator playbooks use data collected by ProtectWise for hunting file, IP, domain and other indicators, enabling fast and accurate responses to incidents.
QRadar | QRadar from IBM Security is an integrated analytics platform that streamlines critical capabilities into common workflows and helps increase analyst efficiency.
Qualys | RSA NetWitness Orchestrator integrates with Qualys for network security and vulnerability management.
Rapid7 Nexpose | Collect vulnerability data and initiate incidents upon discovery of major vulnerabilities in sensitive systems.
Rekall | Conduct memory analysis using Rekall with real-time interactive ChatOps.
RemoteAccess | Use SSH and WMI to run actions on compromised endpoints via automated playbooks or from the investigation war-room.
RiskIQ PassiveTotal | RSA NetWitness Orchestrator integrates with PassiveTotal from RiskIQ for threat infrastructure analysis from a variety of sources.
RSA Archer | RSA NetWitness Orchestrator integrates with RSA Archer for policy management.
RSA NetWitness | RSA provides an evolved SIEM and threat defense offering to overcome SOCs' biggest challenges through automation and response.
rSolutions | rSolutions is a leading cyber security firm strategically aligned with best of breed security vendors to assist clients in securing their enterprises.
Salesforce | RSA NetWitness Orchestrator integrates with Salesforce CRM Services for object management.
SAML | Single sign-on support for any SAML 2.0 supported provider.
Sayers | Sayers provides customers with the right IT solutions, including cloud and virtualization, data center storage, security, mobility, and professional services.
Secdo | Secdo's automated incident response platform hunts threats in real time and delivers an endpoint detection and response solution.
Secure Controls | SecureControls makes IT Security more effective, easier, and more efficient.
SentinelOne | Collect high severity alerts and run advanced queries against endpoints from the RSA NetWitness Orchestrator server.
ServiceNow | Create and update tickets from RSA NetWitness Orchestrator playbooks automatically.
Shodan | Shodan is a search engine for Internet-connected devices integrated with RSA NetWitness Orchestrator for data enrichment.
Slack | Send notifications to Slack (direct messages and channels) for new incidents, assigned incidents and assigned tasks from RSA NetWitness Orchestrator.
SMSAM Systems | Leading pan-African cybersecurity consultancy partnering with large financial services firms and businesses across other verticals.
Splunk | Import critical alerts as incidents and search for relevant data from RSA NetWitness Orchestrator.
Sumo Logic | RSA NetWitness Orchestrator integrates with Sumo Logic to provide a cloud-based service for logs and metrics management.
Symantec ATP | RSA NetWitness Orchestrator integrates with Symantec ATP for advanced threat protection.
Symantec Endpoint Protection | Artificial intelligence fused with critical endpoint technologies delivers the most complete endpoint security on the planet.
Symantec MSS | Leverage the power of Symantec Managed Security Services for continual threat monitoring and 24x7 customized guidance.
Tanium | Search and run queries against the Tanium server from playbooks or via the ChatOps-enabled war-room within RSA NetWitness Orchestrator.
TCPIPUtils | RSA NetWitness Orchestrator integrates with TCPIPUtils for comprehensive enrichment and reputation checks for domains, IPs, and providers.
Threat Central | Automatically enrich incidents with the latest intelligence from Threat Central for IP addresses, URLs and other indicators.
Threat Crowd | RSA NetWitness Orchestrator's integration with Threat Crowd enables report queries on a wide variety of indicators.
ThreatConnect | RSA NetWitness Orchestrator integrates with ThreatConnect to find threats, evaluate risk, and mitigate harm to your organization.
ThreatExchange by Facebook | Learn more about threats & make your systems safer with the ThreatExchange API by Facebook, within RSA NetWitness Orchestrator playbooks.
Trend Micro | RSA NetWitness Orchestrator integrates with Trend Micro to help eliminate security gaps across any user activity and endpoint.
Twilio | Twilio is a cloud communication platform for building messaging applications at scale.
urlscan.io | RSA NetWitness Orchestrator integrates with urlscan.io to help scan websites for reputation.
Vectra | Vectra AI uses data science, machine learning, and human proficiency to provide automated threat detection, triage and correlation 24/7 across the entire enterprise.
Venafi | RSA NetWitness Orchestrator integrates with Venafi for key management and certificate management actions.
Verodin | This integration allows users to manage Verodin simulations and topology.
Virus Total | Check for reputation of IP addresses, URLs and files using the VirusTotal database from automated playbooks and war-room.
VMRay | RSA NetWitness Orchestrator integrates with VMRay for agentless threat analysis and detection.
VMWare vCenter Server | VMware vCenter Server is a centralized management application that lets you manage virtual machines and ESXi hosts centrally.
Volatility | Use Volatility to analyze memory dumps for infected systems as part of playbook automations or interactive ChatOps commands.
Whois | Enrich all the indicators related to an incident with the relevant whois information automatically.
Zendesk Help Center | Integrated help with knowledge base articles available within RSA NetWitness Orchestrator.
Zscaler Cloud Security | Zscaler is a cloud security solution built for performance and flexible scalability.