Recent Activity

RSA Information Design and Development
When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become familiar with at least the basics of the EsperTech EPL language used with ESA. Note: NetWitness Platform 11.3 uses Esper 7.1. Earlier…
RSA Information Design and Development
Use Cases: RSA NetWitness Packet Hunting Guide; RSA UEBA Essentials Hunting Guide. Content Deployment: NetWitness 11.x Live Services Guide; Live Content Search Tags; Investigation Model; Endpoint Content 11.3. Content Development Guides: Content Quick Start Guide; A Treatise on Writing Packet Parsers for the RSA NetWitness Platform; NetWitness Log…
RSA Information Design and Development
Many cyber threats have already been identified, and RSA NetWitness has been actively delivering content related to these identified threats. The content required to hunt these threats is in the form of different resource types, such as feeds, parsers, application rules, and so on. The RSA NetWitness Known Threats Pack enables analysts to…
RSA Information Design and Development
As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA Live. Deploying a Bundle: You can deploy all of the items in the bundles through Live. Note: If you are in an environment where you cannot Deploy,…
RSA Information Design and Development
Overview: This topic provides details about configuring Windows collection so that NetWitness can collect logs from Microsoft Windows machines. In this document, the word "Collector" refers to either the NetWitness Log Collector or the NetWitness Virtual Log Collector. The word "Channel" refers to a Windows Event Log, for example, a Security…
RSA Information Design and Development
What is Data Exfiltration? One of the most common goals of malicious actors is to steal data. Data exfiltration refers to the successful sending of information out of an environment to an environment controlled by an attacker. Data exfiltration takes many different forms and is an objective of many different types of specific attacks. What is…
RSA Information Design and Development
What are Web Shells? Definition of web shells, from the United States Computer Emergency Readiness Team (TA15-314A): A web shell is a script that can be uploaded to a web server to enable remote administration of the machine. Infected web servers can be either Internet-facing or internal to the network, where the web shell is used to pivot…
RSA Product Team
The following table lists the RSA Application Rules for NetWitness Endpoint.
Display Name: Accesses Administrative Share Using Command Shell
File Name: accesses_administrative_share_using_command_shell
Description: Accessing administrative share using command shell can be an indicator of someone trying for lateral movement or privilege escalation by…