Version: 1.0.1

NetWitness is an Evolved SIEM and Open XDR platform that accelerates threat detection and response.

Connect Netwitness with LogicHub

A connection needs to be saved to use Netwitness integration.

  1. Navigate to Automations > Integrations.
  2. Search for Netwitness.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Username: Username to access Netwitness.
    • Password: Password to access Netwitness.
  4. After you've entered all the details, click Connect.

Actions for Netwitness

Execute SDK Command

Get result for SDK commands. For example: query, packet and session

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name




Jinja-templated text containing the params to pass in query. For example: '{"force-content-type":"text/plain","msg":"query","query":"select *","size": "1"}'



JSON containing the following items:

  "data": {
  "error": null,
  "has_error": false

Release Notes

  • v1.0.1 - Added 1 new action: Execute SDK Command.

Did this page help you?