Obtain Incidents and Alerts from NetWitness
what is the best practice to obtain Incidents and Alerts from NetWitness programmaticly?
from REST API or some forward publish (message broker and etc..) API?
for example simple use case:
1. events flow to NetWitness
2. one of the rules create an alert and incident
3. incident and alert sent to 3rd party application, or pulled by query.
- Community Thread
- Forum Thread
- RSA NetWitness Endpoint
- RSA NetWitness Platform