List view
Quick Start
Quick Start
User Guide
User Guide
Policies & GuardRails
Policies & GuardRails
Witness Anywhere: Remote Device Security
Witness Anywhere: Remote Device Security
Witness Attack
Witness Attack
Administrator Guide
Administrator Guide
Configuration
API Keys
API Keys are for using the WitnessAI API.
- Give it a Key Name.
- Choose an Expiration Date.
- Click Generate user key button.
- Click the Copy icon. The API key will be copied to your system clipboard, and the following dialog will display.
- Immediately save the key in a safe location, like a secrets manager or a password manager. After you navigate away from the API Keys page, you will not be able to access or copy any API keys again.
Only users with Super Admin role are able to access API keys after they have been created and the page is exited.
- Super Admin users can copy any active or expired API key by clicking the copy icon in the API key’s “Actions” column.
Models
Proxy Configuration (PAC)
Download Scripts
SIEM Integrations
- Choose your SIEM from the drop-down. Exabeam for example, as shown in the screenshot above.
- Enter the Exabeam Index to send WitnessAI events to. Note the index must exist prior to configuring WitnessAI to send events to Exabeam. WitnessAI does not create the index.
- Enter the endpoint URL into the URL field.
- Enter your Authentication Token.
- Choose your Synchronization Frequency in seconds.
- Choose which events to forward to your SIEM. Prompts & Alerts or Alerts Only.
- To send Audit Logs to your SIEM, click the checkbox next to “Include Audit Logs”.
- Click Save.
Additional Exabeam Details
The Exabeam Webhook Cloud Collector documentation is here.
Enter your preferred URL based on your Region. The Exabeam list of Regions for Cloud Collectors is here.
The Splunk steps are near-identical to the steps for Exabeam. The HEC documentation is here.
ConfigurationAPI KeysModelsProxy Configuration (PAC)Download ScriptsSIEM IntegrationsAdditional Exabeam Details
Made with Bullet