Integrating NetWitness with MISP
Has anyone gone about integrating MISP with NetWitness?
I'm thinking about doing it and would be curious about other people's experiences and workflows.
I see a two way integration:
1) Going Hunting and finding meta that you would store as an event in MISP
2) Indicators stored in MISP being used as Feeds to enrich Meta within NetWitness.
- Community Thread
- Forum Thread
- RSA NetWitness Endpoint
- RSA NetWitness Platform