what is the best practice to obtain Incidents and Alerts from NetWitness programmaticly?
from REST API or some forward publish (message broker and etc..) API?
for example simple use case:
1. events flow to NetWitness
2. one of the rules create an alert and incident
3. incident and alert sent to 3rd party application, or pulled by query.