Michael Sconzo

Content Update

Blog Post created by Michael Sconzo Employee on Jan 13, 2017

Hopefully everybody had a great holiday season! I know we did, and we've been getting some new capabilities into Live.

 

For starters if you're running 10.6.2, you'll notice 2 new bundles. The Starter Pack for Logs, and the Starter Pack for Packets. These provide a great starting point to make sure you can find some interesting activity in 10.6.2 moving forward, and to insure that dashboards populate if you have the appropriate data coming into the NetWitness Suite.

 

App Rules, Parsers, and Reports.

  • CustomTCP Parser - Schoolbell Malware
  • Rekaf malware Parser - Schoolbell Malware
  • Updated Cerber Parser
  • Updates to the Dynamic DNS parser
  • Updated the Encrypted Traffic report with Tox protocol identification

 

Lots of Feed updates for: Locky, Cerber, Schoobell, Kingslayer, and Grizzly Steppe

 

In addition First Watch has been putting some great blog posts out there!

 

As usual more great stuff on the horizon.

Outcomes