RSA Admin

RSA Live November Content Announcement

Blog Post created by RSA Admin Employee on Nov 18, 2014

RSA is pleased to announce the addition of new and updated content to the RSA Live Content Library.


RSA Research

Just in time for shopping season we’d like to bring to your attention to two research papers written by our RSA Incident Response team. Both papers are excellent examples of how RSA Security Analytics and RSA ECAT can be used together to identify malicious activity, specifically focused on point-of-sale attacks and malware. They can be found on the Community here and here

Our research team, RSA FirstWatch, have also posted a blog on the Community outlining how to use Security Analytics to detect variants of the YAKES Trojan. You can find the blog post here:

New Content

We have created a bundle of new rules that are utilizing both our own intelligence feeds as well as RSA ECAT endpoint alerts that can now be used for incident detection with the Event Stream Analysis (ESA) appliance. We’ve also created rules utilizing IPS logs and host logs to detect DoS style attacks and service shutdowns as well as instances of mass audit log clearing. Lastly we’ve updated our 3rd party IOC feeds to include IOCs common to the activity of APT28, the suspected Russian threat group.

On the log front we have added log support for Bluecoat IPAM, DNS & DHCP as well as the Jenkins integration platform. We’ve also performed updates to 28 of our device log parsers

For a full list of New and Updated Content for November, please go here:

November Announcements


NEW! To view the entire library of content go to the  “Content and Resource” section on RSA Security Analytics Docs (SA Docs):


We look forward to presenting you new content updates next month!


The RSA Security Analytics Content Team