Integrating Security Analytics and 3rd Party Security Tools

Discussion created by rob.davis on Aug 9, 2013
Latest reply on Apr 3, 2014 by huan zhou

RSA recently updated NetWitness and changed the product name to Security Analytics. NetWitness used a Windows-based client for investigation of network sessions. Security Analytics adds the ability to conduct investigations via a new web interface. Many other security tools (SIEM, IPS, threat feeds, etc.) use a web interface. Critical Start just released version 2 of our Threat Analytics Search extension for Chrome that allows integration of 3rd party (web GUI) security tools with RSA Security Analytics. It's only available in Chrome because we think that is the most secure browser. The Chrome Extension can be added from the Google Chrome Store at


If you aren't familiar with the extension, it can be summarized as a:

Tool for security analysts, malware hunters, and incident responders that allows the use of the right-click menu in Chrome to conduct single or group searches for selected text such as a file hash, IP address, or domain. The extension reduces the time analysts spend visiting the same websites repeatedly to gather information about IP addresses, websites, file hashes, and domains.


The SA web GUI is shown below.  The extension will automatically configure if you copy and paste the base investigation URL as shown below.  For a manual configuration you will need the fully qualified domain name (IP address), HTTP or HTTPS, and device ID.



Paste the URL in the text box shown below highlighted in yellow.



You can create your own pivots (queries) or just use the defaults Critical Start supplied.



An example of the extension in action can be seen in the screenshot below showing FireEye integration with Security Analytics.  The Critical Start integration with FireEye and Security Analytics gives more options than what FireEye provides.


Hundreds of companies are using our tool.  We hope you like it!  If not, send me feedback at