Alex Cox

RSA Incident Response Indicators added to RSA LIVE

Blog Post created by Alex Cox Employee on Jun 4, 2016

We are pleased to announce the addition of threat indicators directly from RSA's world-class Incident Response team. These indicators include domains and IPs that are sourced from Incident Response activities in a variety of ways:


- Direct observation during RSA Incident Response engagements

- Related indicators developed via malware, DNS, and whois analysis

- 3rd Party Indicators with connections to RSA IR activity


These indicators can be loaded into Security Analytics by subscribing to the following feeds in RSA Live:


- RSA FirstWatch Command and Control Domains

- RSA FirstWatch Command and Control IPs


The following pivot can be used to locate hits on these indicators in the Security Analytics UI:


threat.source = "rsa ir indicators"


Thanks and Happy Hunting!


RSA FirstWatch