Log in to follow, share, and participate in this community. RSA NetWitness has a number of integrations with threat intel data providers but two that I have come across recently were not listed (MISP and Minemeld) so I figured that it would be a good challenge to see if they c... Thank you for joining us for the July 22nd NetWitness Webinar covering Data Carving using Logs as presented by Leonard Chvilicek. An edited recording is available below, with the Zoom link to the original webinar reco... This article applies to hunting with Netwitness for Networks (packet-based). Before proceeding, it is important that you are aware of any GDPR or other applicable data collection regulations which will not be covered ... A question has come up a few times on how someone could exclude certain machines from triggering NetWitness Endpoint Agent alerts easily. This particular use case were their "Gold Images" w... Here's the steps you'll need to follow to initiate a fork of the RSA NetWitness Log Parsers Repository Create GitHub account for free https://www.GitHub.com Locate the RSA NetWitness project https://gi... Summary: Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live, for retired content you'll need to manually remov... Wireshark has been around for a long time and the display filters that exist are good reference points to learn about network (packet) traffic as well as how to navigate around various parts of sessions or streams. ... I have recently been posting a number of blogs regarding the usage of the RSA NeWitness Platform to detect attackers within your environment. As the list of the blogs grow, it is becoming increasingly difficult to nav... Carrying on with the theme of Remote Access Tools (RATs), in this blog post will be covering Void-RAT. This tool is still in development and currently at alpha release so doesn't come with as many features as oth... I've seen and heard a fair bit of discussion recently about whether it's possible to create custom matchCondition and groupBy fields within the new 11.x Respond Server. "We have the capability within 10.x," the ... Overview
To ISO or Not to ISO
VM Host Sizing
Raw Event Data Storage
Validate Folder Sizes - RSA NetWitness Platform Databases
Validate Thresholds - MongoDB
Minimu... The RSA NetWitness Platform has multiple new enhancements as to how it handles Lists and Feeds in v11.x. One of the enhancements introduced in the v11.1 release was the ability to use Context Hub Lists as Blackl... Overview Sending a notification based on a critical or time-sensitive event seen in your environment is table stakes functionality for any detection platform. Alerting someone in a timely manner is important, but bui... This month we did a live demonstration of upgrading the firmware on an iDRAC of version 8 and version 9. Sadly I wasn't able to make videos for this one, but here are Dell's official walkthrough videos: (Please keep i... Summary:Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live. For retired content, you must manually remove thos... Delving back into the C2 Matrix to look for some more inspiration for blog posts, we noticed there are a number of Remote Administration Tools (RATs) listed. So we decided to start taking a look at these RATs and... To round out our series explaining how to use the indicators from ASD & NSA's report for detecting web shells (Detect and prevent web shell malware | Cyber.gov.au ) with NetWitness, let's take a look at the e... One of the features included in the RSA NetWitness 11.3 release is something called Threat Aware Authentication (Respond Config: Configure Threat Aware Authentication). This feature is a direct integration betwe... As cloud deployments continue to gain popularity you may find the need for running the RSA NetWitness Platform in Google Cloud. The RSA NetWitness Platform is already available for AWS and Azure, however is not ... If you've ever done any work testing against an API (or even just for fun), then you've likely come across a number of tools that aim to make this work (or fun) easier. Postman is one of these tools, and ...