• Incident Management Guide for Version 10.6.4 - Table of Contents

    Incident Management  Incident Management Process The Basics  Review Alerts Filter Alerts Create an Incident Manually Add Alerts to an Existing Incident Delete Alerts  Incident Management Pr...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Incident Management Guide for Version 10.6.4

    Sarala Sampath
    last modified by Shree Kulkarni
  • Alerting Using ESA Guide for Version 10.6.4 - Table of Contents

    ESA QuickStart Guide Best Practices Troubleshoot ESA View Memory Metrics for Rules  How ESA Generates Alerts Sensitive Data  ESA Rule Types Role Permissions Practice with Starter Pack ...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Getting Started With Security Analytics for Version 10.6.4 - Table of Contents

    Introduction to Security Analytics Common Elements in a Browser Window Common Elements in a View Dashboards Dashlets Terminology  Procedures Accessing Security Analytics Changing Your P...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Warehouse Analytics Guide for Version 10.6.4 - Table of Contents

    Warehouse Analytics Overview  Required Procedures Step 1. Configure Warehouse Analytics  Step 2. Manage Access to Warehouse Analytics Module Add a Role and Assign Permissions for Warehous...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Reporting Guide for Version 10.6.4 - Table of Contents

    Reporting Overview Manage Access for Reporting Module Add a Role and Assign Permissions for Reporting Module Reporting Guidelines Search Reporting Details Troubleshooting  Working with...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Event Source Management Guide for Version 10.6.4 - Table of Contents

    About Event Source Management Alarms and Notifications Automatic Alerting Common Scenarios for Monitoring Policies  Manage Event Source Groups Create Event Source Groups Edit or Delete ...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Investigation and Malware Analysis Guide for Version 10.6.4 - Table of Contents

    How Investigation Works Malware Analysis Functions Malware Scoring Modules Roles and Permissions for Analysts  Configure Investigation Views and Preferences Configure Malware Summary of Events V...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Security Analytics Command Line Interface Guide for Version 10.6.4 - Table of Contents

    Security Analytics Command Line Interface  RSA Security Analytics Console Access NwConsole and Help Basic Command Line Parameters and Editing Connecting to a Service Monitoring Stats Useful C...
    RSA Information Design and Development
    last modified by RSA Link Team
  • Investigation: Roles and Permissions for Malware Analysts

       This topic identifies the user roles and permissions required for a user to conduct malware analysis in Security Analytics. If you cannot perform an analysis task or see a view, the administrator may need...
  • Investigation: Manage Column Groups in the Events View

       This topic provides instructions for an analyst to create and manage custom column groups for displaying data in the Navigation > Events view. When viewing a list of events in Security Analy...
  • Investigation - Add Events to an Incident Dialog

       In the Add Events to an Incident dialog, analysts can add alerts to an existing incident so that incident responders look at the associated events as part of an incident response. Related procedures ...
  • Investigation: Export Events and Extract Files

       When analysts are viewing an event reconstruction in Security Analytics Investigation, the Actions menu has an option to extract files from the event being viewed and export them to an archive. Note: You...
  • Investigation: Conduct Malware Analysis

       Analysts can use the RSA Security Analytics Malware Analysis service to detect malware. Once you initiate a Malware Analysis investigation, there is no specific order in which to conduct the investigatio...
  • Investigation: Malware Analysis Functions

       Security Analytics Malware Analysis is an automated malware analysis processor designed to analyze certain types of file objects (for example, Windows PE, PDF, and MS Office) to assess the likelihood that...
  • Investigation: Visualize Metadata as Parallel Coordinates

       This topic tells analysts how to use the parallel coordinates visualization in the Navigate view to focus the investigation on combinations of meta keys and values that may indicate events ...
  • Investigation: Set the Time Range for an Investigation

       When conducting an investigation in the Investigation > Navigate view, the time range options limit the results returned. You can select: A time range relative to the collection. Ranges relative...
  • Investigation: Drill into Data in the Values Panel

       Security Analytics displays the activity and values for the selected service in the Investigation > Navigate view. To investigate data, analysts drill into data by clicking on a meta key or a meta...
  • Investigation: Filter Information in Navigate View

       This topic describes the methods available to filter results in the Investigation > Navigate view.  When conducting an investigation in Security Analytics, there are several methods available to ...
  • Investigation: Examine Scan Files and Events in List Form

       This topic provides instructions for viewing files associated with an event in the Security Analytics Malware Analysis Files List. When viewing the Summary of Events in a Security Analytics Malware Analy...