How to integrate Kaspersky Threat Data Feeds with RSA NetWitness

 

Latest update: November 21, 2019 ID: 13855
 
 
 
 

Kaspersky offers two ways to integrate Kaspersky Threat Data Feeds with RSA NetWitness: Kaspersky CyberTrace or Kaspersky Threat Feed App for RSA NetWitness.

Kaspersky CyberTrace

The recommended integration method is Kaspersky CyberTrace. Kaspersky CyberTrace for RSA NetWitness (SIEM connector) allows you to check URLs, file hashes, and IP addresses contained in events that arrive in RSA NetWitness. The URLs, file hashes, and IP addresses are checked against threat data feeds from Kaspersky (or other vendors) or against sources loaded into CyberTrace. During the matching process, Kaspersky CyberTrace determines the indicator category and generates an event supplemented with actionable context.

To install the SIEM connector for RSA NetWitness:

  1. Download Kaspersky CyberTrace for RSA NetWitness.
  2. Follow the instructions in the product documentation to install the package.

Download Kaspersky CyberTrace for RSA NetWitness:

  • The .rpm file for Linux can be downloaded here
  • The .deb file for Linux can be downloaded here
  • The .tgz file for Linux can be downloaded here

Kaspersky Threat Feed App for RSA NetWitness

Alternatively, you can use Kaspersky Threat Feed App for RSA NetWitness, an application that matches observables from events received by RSA NetWitness against Kaspersky Threat Data Feeds using the SIEM's built-in capabilities (without CyberTrace).

Kaspersky Threat Data Feeds are downloaded and converted to a format that can be imported to RSA NetWitness. After that, RSA NetWitness can match fields of events received by RSA NetWitness against indicators contained in Kaspersky Threat Data Feeds. If a match is detected, RSA NetWitness will add context from the corresponding Kaspersky Threat Data Feeds record to the matched event that contains this IoC.
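A simplified illustration of the convert-then-match flow described above, added here as an example; it is not code from Kaspersky or RSA. The feed record layout, the CSV columns, and the event field names are assumptions made for the illustration, and the sample data is constructed.

```python
import csv
import io
import json

# Constructed sample feed; field names are hypothetical, not the real feed schema.
FEED_JSON = """[
 {"type": "ip", "value": "203.0.113.7", "category": "botnet_cnc", "score": 90},
 {"type": "hash", "value": "0123456789ABCDEF0123456789ABCDEF", "category": "malware", "score": 100},
 {"type": "url", "value": "Bad.example/login.php", "category": "phishing", "score": 75}
]"""
# Hypothetical event field names, mapped to the indicator type each one carries.
EVENT_FIELDS = {"src_ip": "ip", "dst_ip": "ip", "file_md5": "hash", "url": "url"}

def normalize(kind, value):
    """Canonical form so that feed values and event values compare equal."""
    value = value.strip()
    if kind == "hash":
        return value.lower()
    if kind == "url":  # drop scheme and trailing slash, lower-case the host only
        host, sep, rest = value.split("://", 1)[-1].rstrip("/").partition("/")
        return host.lower() + sep + rest
    return value

def feed_to_csv(feed_json):
    """Flatten feed records into a CSV lookup table (the 'importable format')."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["type", "indicator", "category", "score"])
    for rec in json.loads(feed_json):
        writer.writerow([rec["type"], normalize(rec["type"], rec["value"]),
                         rec["category"], rec["score"]])
    return out.getvalue()

def load_lookup(csv_text):
    """Index the CSV rows by (type, indicator) for constant-time matching."""
    return {(r["type"], r["indicator"]): r for r in csv.DictReader(io.StringIO(csv_text))}

def enrich(event, lookup):
    """Return a copy of the event with feed context for every matching field."""
    matches = []
    for field, kind in EVENT_FIELDS.items():
        hit = lookup.get((kind, normalize(kind, event[field]))) if field in event else None
        if hit:
            matches.append({"field": field, "category": hit["category"], "score": int(hit["score"])})
    return {**event, "ti_matches": matches}

if __name__ == "__main__":
    lookup = load_lookup(feed_to_csv(FEED_JSON))
    event = {"src_ip": "198.51.100.4", "dst_ip": "203.0.113.7", "url": "http://bad.example/login.php/"}
    print(enrich(event, lookup))
```

Normalizing both sides before comparison matters: without it, a hash logged in lower case or a URL logged with its scheme would miss an indicator that is present in the feed.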

Download Kaspersky Threat Feed App for RSA NetWitness:

  • The documentation file can be downloaded here
  • The .tgz file for Linux can be downloaded here
 
 
 
 