A Treatise on Writing Packet Parsers for the RSA NetWitness Platform
PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness. If you're interested in learning to write your own custom packet parsers, this is the information you need. It covers parser writing from...

RSA NetWitness Investigation Meta
RSA NetWitness Investigation Meta. This table lists all of the delivered RSA NetWitness Investigation meta. Meta Key Details analysis.file: autorun Registered by: autorun.nwr analysis.file: autorun d...

RSA Content - Table of Contents
Use Cases RSA NetWitness Packet Hunting Guide RSA UEBA Essentials Hunting Guide Content Deployment NetWitness 11.x Live Services Guide Live Content Search Tags Investigation Model Endpoint Cont...

Configure Windows Collection
Windows Collection in RSA NetWitness® Platform. NetWitness Platform provides several ways to collect logs from Microsoft Windows machines. Each method has advantages and disadvantages, as well as different methods ...

ESA Rule Writing Best Practices
When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become famili...

Discontinued Content
In an ongoing effort to provide the best user experience, RSA periodically discontinues content (such as rules and reports). This is to keep pace with the ever-evolving threat landscape, and to ensure our customers ar...

RSA ESA Rules
Pivot to Investigate > Navigate from Respond May Not Work. In ESA rules that do not select every piece of meta from the session (that is, rules that do not use select *), you may see that data privacy (if enabled) an...

RSA NetWitness Reports
This topic lists the RSA NetWitness Reports. The reports are built upon rules and lists. When you download a report, all necessary RSA NetWitness Rules and RSA NetWitness Lists are also downloaded. You may, however, n...

RSA NetWitness Rules
This table lists all of the delivered RSA NetWitness Rules. Note: For content that has been discontinued, see Discontinued Content. Display Name File Name Description Medium Tag 11.1-11.2 Autoruns and Scheduled T...

Packet Parsers
This topic discusses and describes the packet (Lua) parsers available in RSA NetWitness Platform. If you need a parser that does not already exist, you can Request a Parser. Note: More information on each of these par...

Content Bundles or Packs
As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA Live. Deploying a...

RSA NetWitness Endpoint Application Rules
The following table lists the RSA Application Rules for NetWitness Endpoint. Display Name File Name Description Tag Accesses Administrative Share Using Command Shell accesses_administrative_share_using_command_shell A...

RSA NetWitness Application Rules
The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Discontinued Co...

Log Parser Customization
On occasion, you may need to modify one or more of your log parsers. For example, you may need to fix an unknown message, or to parse certain fields differently than in the manner provided by default. Log Parser Cust...

Live Search in NetWitness 11.x
The following is an example showing the Live Search Categories in NetWitness 11.x.

Deploy the Investigation Feed in Security Analytics 10.x
To deploy the Investigation feed: In the Security Analytics menu, select Live > Search. In the Search Criteria section, select RSA Feed from the Resource Types drop-down menu. In the Keywords field, ...

Phishing Lua Parser Options
Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...

RSA Application Rules
The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Dis...