RSA NetWitness Integration

XGEN SOAR Integration

D3 acts as a unified dashboard for the analysis and investigation of RSA NetWitness incidents, enriching notable incidents with correlated MITRE ATT&CK matrix techniques, threat intelligence, and historical incident data. From D3, NetWitness users benefit not only from automation and orchestration-powered response workflows but also from robust investigative case management and reporting toolsets.



Integration features

1. Enhanced journaling and case management, for handling, tracking, and reporting on the full incident response lifecycle
2. Automated SecOps and IR workflows, with actions across 500+ other security tools
3. Intelligent incident correlation, using D3’s embedded MITRE ATT&CK framework

Key Use Case

#1: Notable Event Escalation and Enrichment

By combining RSA NetWitness for threat detection with D3 SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in D3 and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. D3 can then trigger an automated response playbook or guide human analysts efficiently through manual steps, all within a single window.

#2: Improved Investigations through Contextual Link Analysis

Once an incident has been ingested, D3 automatically correlates IOCs (such as source IP/domain, destination IP/domain, and file hashes) and MITRE ATT&CK techniques against threat intelligence, historical incident data, and potential traces of a larger kill chain, painting a complete picture of the threat. An intuitive link analysis dashboard provides analysts with the dexterity and visualizations needed for complex investigations.