Endace packet capture integration with Netwitness
Does anyone have experience with the Endace packet capture solution and integration with Netwitness? If so, how does it integrate and how well does it work? They talk about Splunk and Firepower integration. We got the sales pitch now I am trying to look a bit deeper into its viability.
Institute for Defense Analyses
Have you looked at the Netwitness Packets Appliance and its capabilities? It obviously has direct integration with the Netwitness Logs product.
As for Endace, the Splunk Fusion connector for Endace is a pre-packaged set of queries that can be issued against Endace's REST API. The RSA Netwitness product also has the ability to create queries to other external systems. Splunk is a good example. There is an RSA Context Menu Action plugin for Splunk and there is a similar type plugin from Splunk to Netwitness.
You can use this as an example. A good write-up and example of RSA's Splunk plugin can be found here: https://community.rsa.com/community/products/netwitness/blog/2016/09/16/context-menu-splunk-pivot