Good day,
Please confirm that RSA SA supports these devices as an event source:
1. Cisco Nexus Data Broker (CNDB) 3.3; I do see somewhere on the supported devices that it supports Cisco Nexus but that is different from Cisco Nexus Data Broker
2. Cisco Data Center Network Manager (DCNM)
Thank you.
what is the logging format of these devices?
Syslog or CEF format ?
If CEF, common meta will be extracted and custom meta can be added with the cef-custom.xml function in NW11.0/10.6.4.X
If syslog there may be some extraction with the existing CISCO parsers depending on format.
Custom Parsers can be written if needed with the release of the 1.0 Event Source Log Parser
RSA NetWitness Log Parser Tool v1.1 Release Notes
Provide sample log files to validate (sanitize internal IP or hostnames if required)