Overview If you are looking at retention requirements for compliance, making decisions about the architecture, or to retain a decent investigation history, NetWitness retention is always at the top of these discussion...

Although the RSA NetWitness platform gives administrators visibility into system metrics through the Health & Wellness Systems Stats Browser, we currently do not have a method to see all storage / retention a...

22APR2020 - UPDATE: Naushad Kasu has posted a video blog of this process and I have posted the template.xml and NweAgentPolicyDetails_x64.exe files from his blog here. 08APR2020 - UPDATE: adding ...

As you’ve surely seen, a recently discovered supply chain attack has impacted numerous organizations including corporations, government agencies, and nonprofits. Information continues to emerge about the m...

What Happened On December 8th, 2020, FireEye announced that it had been the victim of a cyber attack perpetrated by an advanced nation state actor. They've disclosed their research into the attack in a few place...

Introduction
... I'm certain everyone reading this was just as shocked by the recent news about the FireEye breach as I was and is diligently trying to assess their current security posture in light of this information. As we at RSA v...

Table of Contents
Finding Abnormal Traffic
ESA Rule Builder
Decoder App Rule
Simple ...

Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller. As more publ...

Table of Contents
How is Ransomware Deployed?
Account Cre...

As of RSA NetWitness 11.5, configuring what network traffic your Decoders collect and to what degree it should collect it has become much easier. Administrators can now define a collection policy containing rules for ...

We are excited to announce the release of the new RSA OSINT Indicator feed, powered by ThreatConnect! What is it? There are two new feeds that have been introduced to RSA Live, built on Open Source ...

In 11.3 the same NWE Agent can operate in Insights (free) or Advanced Mode. This change can be made by toggling a policy configuration in the UI and does not require agent reinstall or reboot. There could be bo...

Health and Wellness leverages RabbitMQ to be able to collect the actual status of any components of the RSA NetWitness platform. After changing an IP on a component, Health and Wellness keeps communicating...

RSA NetWitness Platform 11.5 has expanded support for Snort rules (also known as signatures) that can be imported into the network Decoders. Some of the newly supported rule parameters are: nocase byte-extract byte-ju...

A business what? A Business Context Feed is a feed that provides context about systems or data that is present in NetWitness to aid the analyst in understanding more about the system or data they are examining...

Before I jump into explaining what the relation is between RSA NetWitness as an evolved SIEM and Threat Defense platform and Gartner’s SOC Visibility triad, I’m going to start by talking about Ga...

RSA NetWitness has been supporting Structured Threat Information eXpression (STIX™), as it has been the industry standard for Open Source Cyber Threat Intelligence for quite some time. In Net...

RSA NetWitness 11.5 introduces the ability to interactively filter events using the metadata associated with all the events. This is seen as a new Filter button inside the Event screen that opens the Filter Events pan...

As of RSA NetWitness Platform 11.5, analysts have a new landing page option to help them determine where to start upon login. We call this new landing page Springboard. In 11.5 it will become the new defau...