Context Hub is a new service in RSA Security Analytics 10.6 that provides enrichment lookup capability in the Investigation views. The sources for enrichment data include Incident Management, custom lists, and ECAT.
It would be a great help if you would please comment on which may be most useful to your organization and why.
- What type of context is most important for analysts to help their investigations?
- If context is external to SA, what type of database connector (e.g. LDAP, MongoDB, JDBC/ODBC, and REST API) would be most useful?
- Are there any specific application names in Identity/AD, CMDB, Vulnerability, etc. that you would like to integrate with SA?
- What type of endpoint data, and integration of it with Context, would be valuable to your analysts?