Integration steps (RSA NetWitness)
April 11, 2024
ID 167741
This chapter describes how to integrate Kaspersky CyberTrace with RSA NetWitness.
About the integration schemes
The recommended integration scheme for integrating Kaspersky CyberTrace with RSA NetWitness is the standard integration scheme.
How to integrate with RSA NetWitness
Before you start to integrate Kaspersky CyberTrace with RSA NetWitness:
- Before you install Kaspersky CyberTrace, make sure that the RSA NetWitness services meet the software requirements.
- Make sure that you have installed Kaspersky CyberTrace.
To integrate Kaspersky CyberTrace with RSA NetWitness:
- Step 1. Configure RSA NetWitness so that it will forward the received events to Kaspersky CyberTrace Service.
- Step 2. Configure RSA NetWitness to receive events from Kaspersky CyberTrace Service.
- Step 3 (optional). Import a meta group for browsing all fields in RSA NetWitness that are filled by Kaspersky CyberTrace Service.
- Step 4 (optional). Import the Kaspersky CyberTrace Service rules to RSA NetWitness.
- Step 5 (optional). Import a preconfigured report to RSA NetWitness.
This step requires importing Kaspersky CyberTrace Service rules (Step 4).
- Step 6 (optional). Import preconfigured charts and a dashboard to RSA NetWitness.
This step requires importing Kaspersky CyberTrace Service rules (Step 4).
- Step 7. Perform the verification test.
Please make sure you perform the verification test before editing any matching process settings.