We are pleased to announce the addition of threat indicators directly from RSA's world-class Incident Response team. These indicators include Domains and IPs that are sourced from Incident Response activities in a variety of ways:
- Direct observation during RSA Incident Response engagements
- Related indicators developed via malware, DNS, and whois analysis
- 3rd Party Indicators with connections to RSA IR activity
These indicators can be loaded into Security Analytics by subscribing to the following feeds in RSA Live:
- RSA FirstWatch Command and Control Domains
- RSA FirstWatch Command and Control IPs
The following pivot can be used to locate hits on these indicators in the Security Analytics UI:
threat.source = "rsa ir indicators"
Thanks and Happy Hunting!
RSA FirstWatch
I am not seeing these feeds in my customer's Live search. Can you confirm they are on Live?