
RSA is pleased to announce the addition of new and updated content to the RSA Live Content Library.


RSA Research

Just in time for shopping season, we’d like to bring to your attention two research papers written by our RSA Incident Response team. Both papers are excellent examples of how RSA Security Analytics and RSA ECAT can be used together to identify malicious activity, specifically focused on point-of-sale attacks and malware. They can be found on the Community here and here.

Our research team, RSA FirstWatch, has also posted a blog on the Community outlining how to use Security Analytics to detect variants of the YAKES Trojan. You can find the blog post here:

New Content

We have created a bundle of new rules that use both our own intelligence feeds and RSA ECAT endpoint alerts, and that can now be used for incident detection with the Event Stream Analysis (ESA) appliance. We’ve also created rules that use IPS logs and host logs to detect DoS-style attacks and service shutdowns, as well as instances of mass audit log clearing. Lastly, we’ve updated our 3rd party IOC feeds to include IOCs common to the activity of APT28, the suspected Russian threat group.

On the log front, we have added log support for Bluecoat IPAM, DNS & DHCP, as well as the Jenkins integration platform. We’ve also performed updates to 28 of our device log parsers.

For a full list of New and Updated Content for November, please go here:

November Announcements


NEW! To view the entire library of content, go to the “Content and Resource” section on RSA Security Analytics Docs (SA Docs):


We look forward to presenting you new content updates next month!


The RSA Security Analytics Content Team

RSA Admin

Point of Sale Best Practices

Posted by RSA Admin Employee Nov 18, 2014

The Financial Services Information Sharing and Analysis Center (FS-ISAC), the United States Secret Service (USSS), and the Retail Cyber Intelligence Sharing Center (R-CISC) have published an advisory on Point of Sale (POS) best practices.


The advisory provides information on and recommends possible mitigations for common cyber exploitation tactics, techniques and procedures (TTPs) consistently and successfully leveraged by attackers in the past year.


Many of these TTPs have been observed by the FS-ISAC, through its members, and identified in Secret Service investigations.


You can find the advisory on the FS-ISAC website at:
