This section describes the standard integration scheme for RSA NetWitness and Kaspersky CyberTrace.
About the components of the standard integration scheme
The following components are used in the standard integration scheme for RSA NetWitness:
This service matches RSA NetWitness events against Kaspersky Threat Data Feeds.
The SIEM solution used in this integration.
These are sources of events for RSA NetWitness such as firewalls, proxies, intrusion detection systems, and other networking devices.
Security controls can send events to RSA NetWitness by any method supported by RSA NetWitness.
Standard integration scheme
In the standard integration scheme, Feed Service by default is configured to listen for incoming events from RSA NetWitness on 127.0.0.1:9999.
Feed Service sends detection events to IP address 127.0.0.1 and port 514 of the interface defined in RSA configuration. The address of this interface is specified when you install Kaspersky CyberTrace. Security controls also send events to port 514 of the interface defined in the RSA NetWitness configuration.
Standard integration scheme for RSA NetWitness
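The following added example (not part of the Kaspersky CyberTrace or RSA NetWitness documentation) checks a host's listening sockets against the scheme above: that the Feed Service input on port 9999 is bound only to a loopback address, and that something is listening on port 514. It assumes a Linux host where `ss -H -tuln` is available; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128      127.0.0.1:9999      0.0.0.0:*
udp   UNCONN 0      0          0.0.0.0:514       0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:514       0.0.0.0:*
tcp   LISTEN 0      128           [::]:22           [::]:*
"""

FEED_SERVICE_PORT = 9999  # Feed Service event input in the standard scheme
SIEM_INPUT_PORT = 514     # RSA NetWitness event input in the standard scheme


def parse_listeners(ss_output):
    """Return (proto, address, port) for each local socket in `ss -H -tuln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # not a socket line
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if host == "*":
            host = "::"  # ss prints * for a dual-stack wildcard bind
        listeners.append((fields[0], host, int(port)))
    return listeners


def check_scheme(ss_output):
    """Compare the listening sockets with the standard integration scheme."""
    listeners = parse_listeners(ss_output)
    feed_hosts = [h for _, h, p in listeners if p == FEED_SERVICE_PORT]
    # Any non-loopback bind means the Feed Service input is reachable off-host.
    exposed = [h for h in feed_hosts if not ipaddress.ip_address(h).is_loopback]
    return {
        "feed_service_listening": bool(feed_hosts),
        "feed_service_exposed_on": exposed,
        "siem_input_listening": any(p == SIEM_INPUT_PORT for _, _, p in listeners),
    }


if __name__ == "__main__":
    print(check_scheme(SAMPLE_SS))
```

On a live host, pass the text returned by `ss -H -tuln` to `check_scheme` instead of the sample.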