RSA NetWitness + D3 Smart SOAR
Filter Out the Noise and Disrupt Real Threats
RSA NetWitness Platform brings together evolved SIEM and threat defense solutions that deliver unsurpassed visibility, analytics, and automated response capabilities. Smart SOAR acts as a unified dashboard for the analysis and investigation of RSA NetWitness incidents, enriching notable incidents and triggering incident-specific automated workflows.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have closely studied RSA NetWitness to produce a powerful integration that provides:
- Enhanced journaling and case management, for handling, tracking, and reporting on the full incident response lifecycle
- Intelligent incident correlation, using Smart SOAR’s embedded MITRE ATT&CK framework
- Automated SecOps and IR workflows, with actions across other security tools
Use Case
Notable Event Escalation and Enrichment
By combining RSA NetWitness for threat detection with D3 Smart SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an automated response playbook to address the threat.
- Filter out false positives before they reach an analyst
- Act fast to contain and disrupt attacks
- Update statuses in RSA NetWitness based on Smart SOAR investigations
Use Case
Improved Investigations through Contextual Link Analysis
Once an incident has been ingested, Smart SOAR automatically correlates IOCs (such as source IP/domain, destination IP/domain, and file hashes) and MITRE ATT&CK techniques against threat intelligence, historical incident data, and potential traces of a larger kill chain, painting a complete picture of the threat. An intuitive link analysis dashboard provides analysts with the dexterity and visualizations needed for complex investigations.
- Run automated queries based on newly identified links
- Address the entirety of incidents
- Map incident trends to the MITRE ATT&CK matrix
Why Smart SOAR?
Joint users of RSA NetWitness and D3 Smart SOAR don’t just get automated incident response and investigations, they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
RSA NetWitness Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.