RSA Admin

RSA Live February Content Announcement

Blog Post created by RSA Admin Employee on Feb 24, 2015

RSA Security Analytics customers,

The first couple of months of 2015 have been very busy on the content front! Our RSA Live and Content Team is mid-way through a Herculean effort to review (and in some cases rewrite) our current ESA rule library to provide more targeted rule logic. Through all of this activity the content factory keeps rolling. Let’s take a quick look at what we have released so far this year:

  • Application rules for detecting the downloads of remote access and Active Directory database extraction tools
  • ESA rules for using NetFlow to detect spamming internal hosts, worm propagation, and web-based DoS attacks
  • ESA rules for detecting suspicious administrative activity as well as service and protected account manipulation
  • 34 ESA rule updates
  • Lua parsers for parsing SIP and NetBIOS, as well as isolating the queries from common search engines
  • Log parser for VMware NSX
  • 43 Log parser updates





The year has started out strong and we have a lot of content in the development pipeline for the first half of this year!


As always, we look forward to working with you to further refine our content offering and help make Security Analytics the undisputed market leader for detecting advanced threats. You can find our latest content catalog here:

If you have an interesting use case for a piece of content, let us know about it by mailing us at:



The ASOC Content Team