Hello,
I would like to integrate a custom (third-party) malware analysis tool into the RSA Security Analytics Dashboard and display the analysis results alongside the results provided by the many options of the Malware Analysis (Spectrum) appliance. I did not find a way to add a custom malware analysis tool, just to enable existing modules, such as GFI and ThreatGRID sandboxes, static analysis, AVs, etc. What I would like is to integrate a third-party analysis tool and then access the analysis results in the main dashboard of the RSA SA (e.g., under Investigation -> Malware Analysis).
Is this possible in the first place? If yes, is there a public API to achieve this integration? For instance, the Netwitness REST API was very useful in providing access to the incoming content to this third-party malware analysis tool, but I did not find any way to send the analysis results back.
Thank you!
I read a bit more about this and it seems that the integration of third-party malware analysis services into the RSA Security Analytics is done through the syslog format. Does anyone have a pointer on how to configure the RSA Security Analytics appliance to accept logs from a third-party malware analysis appliance? I am fairly new to the RSA Security Analytics solution.
Thank you very much,
Cristi