Integration steps (RSA NetWitness)

This chapter describes how to integrate Kaspersky CyberTrace with RSA NetWitness.

About the integration schemes

The recommended integration scheme for integrating Kaspersky CyberTrace with RSA NetWitness is the standard integration scheme.

How to integrate with RSA NetWitness

Before you start to integrate Kaspersky CyberTrace with RSA NetWitness:

• Before you install Kaspersky CyberTrace, make sure that the RSA NetWitness services meet the software requirements.
• Make sure that you have installed Kaspersky CyberTrace.

To integrate Kaspersky CyberTrace with RSA NetWitness:

• Step 1. Configure RSA NetWitness so that it will forward the received events to Feed Service.
• Step 2. Configure RSA NetWitness to receive events from Feed Service.
• Step 3 (optional). Import a meta group for browsing all fields in RSA NetWitness that are filled by Feed Service.
• Step 4 (optional). Import the Feed Service rules to RSA NetWitness.
• Step 5 (optional). Import a preconfigured report to RSA NetWitness.

  This step requires importing Feed Service rules (Step 4).

• Step 6 (optional). Import preconfigured charts and a dashboard to RSA NetWitness.

  This step requires importing Feed Service rules (Step 4).

• Step 7. Perform the verification test.

  Please make sure you perform the verification test before editing any matching process settings.