Here are some updated links:
Splunk Technology Integration to RSA Netwitness (Security Analytics) (Event Source Configuration) (which then integrates to RSA Archer Security Operations & Breach Management):
RSA Netwitness Integration to RSA Archer (with Unified Collector Framework UCF):
RSA Archer Use-Cases Documentations:
RSA Archer Community:
RSA Archer Documentation & Downloads:
RSA Archer Community News Update:
Now Integration between Splunk and RSA Archer is available. You can make use of the RSA Security Operations Solutions solution to integrate Splunk and RSA Archer.
Records will be created in the Security Incidents, Security alerts application in RSA Archer.
RSA Archer Security Operations Management helps you do the following:
a>Prioritize and respond faster to security incidents by leveraging business context and actionable threat intelligence.
b>Engage key business and IT stakeholders in the incident management process
c>Simplify incident investigation and breach response procedures through industry best practice methodologies and response procedures.
d>Optimize SOC investments through SOC KPI (key performance indicators)monitoring and staff time management tracking.
Also customers can make use of the Devices application present in the Enterprise management solution to add more business context for the devices, mention the criticality of the device, link the device to the Business Unit and have full fledged enterprise solution integrated with RSA SecOps solution.
More information about the integration can be found in the following link:
To know more about RSA Security Operations Management solution refer to the following link:
Thank you for sharing the information.
However, the link is not available now.
Could you please update the link? This subject is very intresting for us as a client of Archer.
Thank you very much.
This really becomes a programming question because both tools have a web API, so you just need to be able to interface with them. Splunk uses a REST API but has a good development kit to make things easier, and Archer uses a SOAP API.
A good place to start is the Splunk SDK:
And here is the Archer documentation:
Adding records to Archer is slightly more complicated than pulling them out of Splunk, but essentially you just create a session token (general.CreateUserSessionFromInstance) and then add a record (record.CreateRecord) with your fields.