I'm using NetWitness 11.0.
Is there any API to perform queries that will return if the query subject is linked to an event or alert or task?
For example, if ip.src = 18.104.22.168 is linked to some event or alert?
To the best of my knowledge the REST interface is currently for the core services only. This means you can run queries via REST only against the brokers, concentrators, decoders and archivers. You can't run it against Response, Reporting Engine or Event Stream Analysis.
Evyatar & Nikolay,
Some new information was given to me about the new API in 11.1. You can find it here: NetWitness Suite API User Guide for Version 11.1. It looks to be for accessing the Response service. So any alerts/incidents can be accessed via this API in 11.1. You may be able to use this API to find what you are looking for.