RSA SA alerts pushed to RSA Orchestrator
i would like to achieve, without rules on ESA , alerts need to be pushed to orchestrator
example:- all malicious url which is represented by SA , need automate to check URL reputation in rsa orchestrator
Can anyone help please
- Community Thread
- Forum Thread
- NetWitness Orchestrator
- RSA NetWitness
- RSA NetWitness Orchestrator
- RSA NetWitness Platform
Hi Abu -
There are a few ways you could accomplish this.
1. Creating Incidents within Respond (v11.x) manually using either session or log data, and then configuring Orchestrator to pull all new Incidents.
2. Use the Reporting Engine to generate the Incident instead of creating the Incident manually.
Would either of those work for you?
Are you trying to push things to Orchestrator manually or automatically?