Security Orchestration with CyberSponse & Swimlane
“Security vendors like …. RSA Security, are adding automation capabilities to security analytics platforms to increase operational efficiency and reduce response times.” according to a recent report from Forrester. (Reduce Risk And Improve Security Through Infrastructure Automation published June 8, 2017)
It is possible to automate the security “grunt work.” RSA NetWitness team is working to do just that by integrating with vendors like Swimlane and CyberSponse, both of which are RSA Ready Partners.
Vendors like Swimlane are building standalone SAO tools - security middleware to connect disparate device types which when integrated with RSA NetWitness becomes even more powerful. Check out the Press Release for Swimlane and the Integration Guide.
CyberSponse continues to simplify Security Operations by announcing Interoperability & Out-of-the-Box Connectors for the RSA NetWitness® Product Suite. Check out the Press Release: Press Release for CyberSponse and the Integration guide.
More to come to eliminate the security "grunt work" and make it easier to secure your enterprises from the RSA Ready Partner team.
- Community Thread
- Forum Thread
- RSA NetWitness
- RSA NetWitness Platform
thanks mary. What is the full capability of querying data? For instance, when querying for packets and/or logs, can swimlane automatically detect the last event that the system sent (via log query, or querying the event source DB)?
The capabilities are to receive a syslog alert from NetWitness and to query NetWitness for a given IP address or given timeframe. The latter two can be kicked off by a by either a manual or workflow-related trigger on the Swimlane side.
Please see the implementation guide for more details and continue to ask questions.