AnsweredAssumed Answered

Threat Intelligence Feeds into RSA Netwitness Endpoint

Question asked by Kyle Howson on Jan 24, 2017
Latest reply on Jan 24, 2017 by Jeremy Kerwin

Hello,

 

There are a bunch of lists of IP addresses and Domains from various public and private lists we currently pull into Netwitness Logs and Packets for alerts and looking for threats. 

 

I was hoping to be able to pull some of these same lists into Netwitness Endpoint into the Custom: Bad IP and Custom: Bad Domain but unfortunately all I can find is the import function which is manual and doesn't account for the removal of False Positives, etc like they do in Logs and Packets.

 

Can anyone tell me if there is a way to do this especially in an automated pull just like the RSA Live feed works.

 

Regards,

 

Kyle

Outcomes