Skip navigationLog in to follow, share, and participate in this community. RSA NetWitness has a number of integrations with threat intel data providers but two that I have come across recently were not listed (MISP and Minemeld) so I figured that it would be a good challenge to see if they c... Threat Intel Integration with MISP and Minemeld
BackThank you for joining us for the July 22nd NetWitness Webinar covering Data Carving using Logs as presented by Leonard Chvilicek. An edited recording is available below, with the Zoom link to the original webinar reco... July 22nd NetWitness Webinar - Data Carving in Logs
BackThis article applies to hunting with Netwitness for Networks (packet-based). Before proceeding, it is important that you are aware of any GDPR or other applicable data collection regulations which will not be covered ... HTTP Plaintext Password Hunting and Parser Updates
BackA question has come up a few times on how someone could exclude certain machines from triggering NetWitness Endpoint Agent alerts easily. This particular use case were their "Gold Images" w... Using Feeds to Whitelist Endpoint Rules
BackHere's the steps you'll need to follow to initiate a fork of the RSA NetWitness Log Parsers Repository Create GitHub account for free https://www.GitHub.com Locate the RSA NetWitness project https://gi... How To Contribute Your Parsers to the RSA NetWitness GitHub
BackSummary: Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live, for retired content you'll need to manually remov... Threat Detection Content Update - June 2020
BackWireshark has been around for a long time and the display filters that exist are good reference points to learn about network (packet) traffic as well as how to navigate around various parts of sessions or streams. &#... RSA NetWitness Query Syntax Compared to Wireshark Display Filters
BackI have recently been posting a number of blogs regarding the usage of the RSA NeWitness Platform to detect attackers within your environment. As the list of the blogs grow, it is becoming increasingly difficult to nav... Profiling Attackers Series
BackCarrying on with the theme of Remote Access Tools (RATs), in this blog post will be covering Void-RAT. This tool is still in development and currently at alpha release so doesn't come with as many features as oth... Using RSA NetWitness to Detect Void-RAT
BackI've seen and heard a fair bit of discussion recently about whether it's possible to create custom matchCondition and groupBy fields within the new 11.x Respond Server. "We have the capability within 10.x," the ... Creating Custom Match Condition and Group By Fields for Respond in 11.x
BackOverview
To ISO or Not to ISO
VM Host Sizing
Raw Event Data Storage
Install Services
Validate Folder Sizes - RSA NetWitness Platform Databases
Validate Thresholds - MongoDB
Minimu... Tips to Build [Small] RSA NetWitness Platform Virtual Hosts
BackThe RSA NetWitness Platform has multiple new enhancements as to how it handles Lists and Feeds in v11.x. One of the enhancements introduced in the v11.1 release was the ability to use Context Hub Lists as Blackl... Auto-updating Context Hub Lists from ESA Alerts
BackOverview Sending a notification based on a critical or time-sensitive event seen in your environment is table stakes functionality for any detection platform. Alerting someone in a timely manner is important, but bui... Building the Notifications of Your Dreams in the RSA NetWitness Platform
BackThis month we did a live demonstration of upgrading the firmware on an iDRAC of version 8 and version 9. Sadly I wasn't able to make videos for this one, but here are Dell's official walkthrough videos: (Please keep i... iDRAC Firmware Upgrade and Feature Overview
BackSummary:Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live. For retired content, you must manually remove thos... Threat Detection Content Update - May 2020
BackDelving back into the C2 Matrix to look for some more inspiration for blog posts, we noticed there are a number of Remote Administration Tools (RATs) listed. So we decided to start taking a look at these RATs and... Using RSA NetWitness to Detect QuasarRAT
BackTo round out our series explaining how to use the indicators from ASD & NSA's report for detecting web shells (Detect and prevent web shell malware | Cyber.gov.au ) with NetWitness, let's take a look at the e... ASD & NSA's Guide to Detect and Prevent Web Shell Malware – Endpoint Visibility
BackOne of the features included in the RSA NetWitness 11.3 release is something called Threat Aware Authentication (Respond Config: Configure Threat Aware Authentication). This feature is a direct integration betwe... Examining Threat Aware Authentication in v11.3
BackAs cloud deployments continue to gain popularity you may find the need for running the RSA NetWitness Platform in Google Cloud. The RSA NetWitness Platform is already available for AWS and Azure, however is not ... Running RSA NetWitness in Google Cloud
BackIf you've ever done any work testing against an API (or even just for fun), then you've likely come across a number of tools that aim to make this work (or fun) easier. Postman is one of these tools, and ...
