Introduction Cobalt Strike is a threat emulation tool used by red teams and advanced persistent threats for gaining and maintaining a foothold on networks. This blog post will cover the detection of Cobalt Strik...

In line with some of my other integrations, I recently decided to also create a proof-of-concept solution on how to integrate RSA NetWitness meta data into an ELK stack. Given that I already had a couple of Py...

RSA NetWitness has a number of integrations with threat intel data providers but two that I have come across recently were not listed (MISP and Minemeld) so I figured that it would be a good challenge to see if they c...

In the past, I've seen a number of people ask how to enable a recurring feed from a hosting server that is using SSL/TLS, particularly when attempting to add a recurring feed hosted on the NetWitness Node0 server...

A couple years ago, a few smart folks over at salesforce came up with the idea of fingerprinting certain characteristics of the "Client Hello" of the SSL/TLS handshake, with the goal to more accurately identify the cl...

Introduction to MITRE ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for enterprise is a framework which describes the adversarial actions or tactics from Initial Access (E...

One of the biggest commitments we at RSA make to our customers is to provide best-in-class security products that help manage digital risk. Our goal is to do so with maximum reliability while also requiring mini...

Today RSA Link implemented a new way of presenting documentation to help RSA NetWitness® Platform customers find the information they need quickly and easily. RSA NetWitness Platform 11.3 presents the documentati...

As cloud deployments continue to gain popularity you may find the need for running the RSA NetWitness Platform in Google Cloud. The RSA NetWitness Platform is already available for AWS and Azure, however is not ...

Introduction to MITRE’s ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for enterprise is a framework which describes the adversarial actions or tactics from Initial A...

Overview
To ISO or Not to ISO
VM Host Sizing
Raw Event Data Storage
Validate Folder Sizes - RSA NetWitness Platform Databases
Validate Thresholds - MongoDB
Minimu...

In one of my previous posts (Shannon. Have you seen my Entropy?) I touched on using a custom Java entropy calculator within the ESA to calculate the entropy values for domains to assist with detecting Domain Generatio...

One of the changes introduced in 11.x (11.0, specifically) was the removal of the macros.ftl reference in notification templates. These templates enable customized notifications (primarily syslog and email)...

Introduction There are many, many ways to exfiltrate data from a network, but one common way to do it is using DNS Exfiltration. With these specific techniques the attackers use the already open port for dns traff...

Introducing RSA NetWitness Platform's support for AWS VPC Traffic Mirroring! By partnering with AWS and integrating with their AWS VPC Traffic Mirroring, customers are able to access the right virtual traff...

One of the features included in the RSA NetWitness 11.3 release is something called Threat Aware Authentication (Respond Config: Configure Threat Aware Authentication). This feature is a direct integration betwe...

It often happens to me that while I am testing new alerts and incident aggregation rules, I find that the aggregation condition(s) I chose in my Incident Rule are not what I want. While I could re-create th...

An administrator uploads custom YARA content to the RSA NetWitness Platform per instructions in the documentation. Turns out they want to change or delete it, but the only options in the user interface are to disable ...

In RSA NetWitness 11.3, one of the behind-the-scenes changes to the platform was moving the script notification server from ESA onto the Admin Server. This change opens up a number of possibilities for scripti...

Greetings fellow innovators! RSA is in the midst of an internal innovation challenge and we are actively seeking feedback from customers and partners. Specifically, we have published concept summaries and would...