The RSA Content team is pleased to announce the addition of new and updated content to the RSA Live Content Library! As always the Content team has been heads down reviewing our existing Event Stream Analysis (ESA) rule library. This massive effort is focused on ensuring accuracy and organization around our current correlative capabilities. We are going above and beyond validating the logic of the rules, and we are leveraging our team of subject matter experts to eliminate false positives and ensure an extremely targeted rule set.
Let’s take a look at what we have released to RSA Live during the month of April:
- 18 Updates to Event Streaming Analysis (ESA) rules
- This will limit noise in customer ESA environments and ensure the most targeted intelligence in our rule library
- 25 Lua parser updates
- This effort enhances parser performance, relieves memory issues, and ensures no duplication of generated meta
- 11 Application Rule updates
- Addresses an issue where the “filter” app rules were not set to “filter”
- 2 New Log parsers
- Microsoft URL Scan - MS URL Scan is a tool that identifies the different types of HTTP requests that are sent to an IIS, giving SA visibility into blocked/rejected URLs
- UnboundID Identity Store access log events are supported
- 26 Log parser updates
- Improves parsing accuracy and supports newer versions of event sources
For a full breakdown of new/updated content released to RSA Live, go here:
Also, you can view our holistic content library and content request portals here:
The next few months will be an exciting time for the Content Team! We will be finishing up our ESA rule library project and also focusing on rules and reports to enable alerting for critical activity with AWS environments. We are also planning on releasing some cool content for ShadowIT detection!
We look forward to sharing some great updates with you next month!
The ASOC Content Team