Skip to main content


This Script is part of the RSA NetWitness Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Use this script to get RAW log. Each RSA NetWitness log contains the eventsource meta that contains an IP address that can be requested using RSA NetWitness Packets and Logs. This log is after set in the field rsarawlogslist.

Script Data#

Script Typepython3


This script uses the following commands and scripts.

  • netwitness-query
  • RSA NetWitness Packets and Logs
  • netwitness-packets

Used In#

This script is used in the following playbooks and scripts.

  • rsaalerts


There are no inputs for this script.


There are no outputs for this script.

Script Examples#

Example command#


Context Example#

"RSA Alerts": [
"created": "2023-07-03T11:04:16.408Z",
"detail": null,
"events": [
"destination": {},
"eventSource": "",
"eventSourceId": "12123434",
"source": {}
"id": "123456789",
"riskScore": "50",
"source": "NetWitness Investigate",
"title": "Incident name",
"type": "Log",