Is there any official solution to send RSA DLP events and/or incidents to NetWitness or Archer ? In Archer I can import reports or connect to the database (with a data-feed), but that would be more a "home made" solution.
There is a documentation available on Netwitness that will guide you how to configure DLP as an event source.
You will find also the configuration steps on how to send DLP incidents to Netwitness log Decoder or Netwitness Suite remote log collector.
Please find the below link that will help you doing so.
RSA Data Loss Prevention Suite Event Source Configuration Guide
Not sure if there is any guide available from the Archer side.You can check on Archer Discussion group.
Hi Anibal Giacomini,
Unfortunately, there is not documentation available on how you can configure DLP incidents and events to be forwarded to Archer or Netwitness. DLP can only send syslog events to syslog server but not incidents\events.
Thanks everyone. I will try the solution suggested by Mohamed Tarek.
Retrieving data ...