Skip navigationLog in to follow, share, and participate in this community. Zerologon (CVE-2020-1472) is a vulnerability with a perfect CVSS score of 10/10 being used in the wild by attackers, allowing them to gain admin access to a Windows Domain Controller. As more publ... Domain Controller Takeover with Zerologon, from Compromise to Detection
BackBefore I jump into explaining what is the relation between RSA NetWitness as an evolved SIEM and Threat Defense platform and Gartner’s SOC Visibility triad, I’m going to start by talking about Ga... RSA NetWitness Evolved SIEM and Gartner SOC Visibility Triad
BackRSA NetWitness has been supporting Structured Threat Information eXpression (STIX™) as it has been the industry standard for Open Source Cyber Threat Intelligence for quite some time. In Net... Enhanced Threat Intel support via STIX in NetWitness
BackAlthough the RSA NetWitness platform gives administrators visibility into system metrics through the Health & Wellness Systems Stats Browser, we currently do not have a method to see all storage / retention a... RSA NetWitness Storage Retention Script
BackAs of RSA NetWitness 11.5, configuring what network traffic your Decoders collect and to what degree it should collect it has become much easier. Administrators can now define a collection policy containing rules for ... Selective Network Data Collection
BackRSA NetWitness 11.5 introduces the ability to interactively filter events using the metadata associated with all the events. This is seen as a new Filter button inside the Event screen that opens the Filter Events pan... Investigate 11.5 - Event Filters (Beta)
BackAs of RSA Netwitness Platform 11.5, analysts have a new landing page option to help them determine where to start upon login. We call this new landing page Springboard. In 11.5 it will become the new defau... Introducing Springboard to RSA NetWitness Platform
BackRSA is pleased to announce the availability of the NetWitness Export Connector, which enables customers to export NetWitness Platform events and routes the data where you want, all in continuous, streaming fashion. Pr... Introducing the NetWitness Export Connector
BackWe are excited to announce the release of the new RSA OSINT Indicator feed, powered by ThreatConnect! What is it? There are two new feeds that have been introduced to RSA Live, built on Open Source ... Introducing the New RSA OSINT Threat Feeds
BackIntroduction to MITRE ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for enterprise is a framework which describes the adversarial actions or tactics from Initial Access (E... RSA Threat Content mapping with MITRE ATT&CK™
BackIn 11.3 the same NWE Agent can operate in Insights (free) or Advanced Mode . This change can be made by toggling a policy configuration in the UI and does not require agent reinstall or reboot. There could be bo... RSA NetWitness Endpoint 11.3 vs 4.4 - Key Features/Differences
BackAbstract In this blog I describe a recent intrusion that started with the exploit of CVE-2020-0688. Microsoft released a patch for this vulnerability on 11 February 2020. In order for this exploit to work, ... Exchange Exploit Case Study – CVE-2020-0688
BackIf you've ever done any work testing against an API (or even just for fun), then you've likely come across a number of tools that aim to make this work (or fun) easier. Postman is one of these tools, and ... RSA NetWitness has a number of integrations with threat intel data providers but two that I have come across recently were not listed (MISP and Minemeld) so I figured that it would be a good challenge to see if they c... Threat Intel Integration with MISP and Minemeld
BackCustomers frequently ask me about malware that uses domain fronting and how to detect it. Simply put, domain fronting is when malware or an application pretends to be going to one domain but instead is going somewhere... By default, NetWitness Endpoint 11.x creates a self-signed Certificate Authority during its initial installation, and uses this CA to generate certificates for the endpoint agent and the local reverse proxy that handl... Using a 3rd Party Certificate with Endpoint 11.4 - The Hard Way
BackBy default, NetWitness Endpoint 11.x creates a self-signed Certificate Authority during its initial installation, and uses this CA to generate certificates for the endpoint agent and the local reverse proxy that handl... Using a 3rd Party Certificate with Endpoint 11.4 - The Easy Way
BackThank you for joining us for the July 22nd NetWitness Webinar covering Data Carving using Logs as presented by Leonard Chvilicek. An edited recording is available below, with the Zoom link to the original webinar reco... July 22nd NetWitness Webinar - Data Carving in Logs
BackThis article applies to hunting with Netwitness for Networks (packet-based). Before proceeding, it is important that you are aware of any GDPR or other applicable data collection regulations which will not be covered ... HTTP Plaintext Password Hunting and Parser Updates
BackA question has come up a few times on how someone could exclude certain machines from triggering NetWitness Endpoint Agent alerts easily. This particular use case were their "Gold Images" w... Using Feeds to Whitelist Endpoint Rules
Back
