What is Cloud Link Service

NetWitness Cloud Link Service enables you to use the NetWitness Detect AI solution and its features by providing a secure transportation mechanism between existing RSA NetWitness Platform hosts (Log Decoders) and the NetWitness Detect AI service. For example: to perform analytics on the NetWitness Detect AI, you must install and register the Cloud Link Service on at least one Log Decoder host.

Cloud Link service is a sensor that you must install and register on your on-premise host to:

  • Transfers metadata from the host (such as Log Decoders) in your on-premise deployment to the NetWitness Detect AI for analysis and investigation
  • Transfer alerts generated in NetWitness Detect AI to your on-premise NetWitness Platform Respond server for incident management

You can install Cloud Link Service on the following host types:

  • Log Decoder
  • Log Hybrid
  • Endpoint Log Hybrid
  • Log Hybrid Retention

Note:

  • Cloud Link Service and the hosts must be on version 11.5.2 or later.
  • You need a separate Cloud Link Service to be installed for each host.
  • To support endpoint-related queries, Cloud Link Service must be on version 11.7.1 or later.

This section provides information on how data is transferred using Cloud Link Service:

Single Deployment: Data Transfer Data transfer

  1. Cloud Link Service fetches all the metadata from the host. For example: Log Decoder.
  2. The Cloud Link Service filters these metadata based on the following queries:
    • Active Directory
    • Authentication
    • File
    • Process
    • Registry
  3. Cloud Link Service collects only matching metadata, compresses the matching metadata, and transfers it to NetWitness Detect AI through a secure channel.

Note: Cloud Link Service ensures that no data is lost during temporary network issues or outages. If the outage lasts for more than 7 days, then the data older than 7 days will not be considered.

Multiple Deployment: Data Transfer

flow 2

Data Transfer from NetWitness Detect AI

NetWitness Detect AI transfers the alerts generated to the on-premise NetWitness Platform Respond server which can be viewed on the user interface for incident management.

flow 3


Submit Feedback
© 2020 RSA Security LLC or its affiliates. All Rights Reserved.