API to integrate third-party malware analysis tool into RSA Security Analytics Dashboard
I would like integrate a custom (third-party) malware analysis tool into the RSA Security Analytics Dashboard and display the analysis results along the results provided by the many options of the Malware Analysis (Spectrum) appliance. I did not find a way to add a custom malware analysis tool, just to enable exiting modules, such as GFI and ThreadGRID sandboxes, static analysis, AVs, etc. What I would like is to integrate a third-party analysis tool and then access the analysis results in the main dashboard of the RSA SA (e.g., under Investigation -> Malware Analysis).
Is this possible in the first place? If yes, is there a public API to achieve this integration? For instance, the Netwitness REST API was very useful in providing access to the incoming content to this third-party malware analysis tool, but I did not find any way to send the analysis results back.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
I read a bit more about this and it seems that the integration of third-party malware analysis services into the RSA Security Analytics is done through the syslog format. Does anyone have a pointer on how to configure the RSA Security Analytics appliance to accept logs from a third-party malware analysis appliance? I am fairy to the RSA Security Analytics solution.
Thank you very much,
Thanks a lot for looking into this. I do understand there is no API to integrate into the Security Analytics dashboard, however I heard there it is possible to integrate to a lesser extent the results from third-party tools like anti-viruses (probably via syslog). Is this accurate? If yes, it would be great if you had a pointer to the relevant documentation.
Thanks a lot for your help!