Recent Activity

RSA Information Design and Development
When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become familiar with at least the basics of the EsperTech EPL language used with ESA. Note: NetWitness Platform 11.3 uses Esper 7.1. Earlier…
RSA Information Design and Development
For RSA NetWitness Platform 11.1 and later, ESA Rules can use Context Hub (CH) Lists as whitelists and blacklists in their construction and processing. To see details about these rules, see RSA ESA Rules. This topic discusses the following: Use CH Lists in ESA Rules OOTB Context Hub Lists How to Update a Context Hub List How to…
RSA Information Design and Development
The Investigation feed generates metadata in order to assist analysts with threat hunting and content generation such as reports and alerts. This is useful for front line analysts, because it minimizes the time dedicated to mining logs or sessions in support of their findings. The content within the feed is a list of application rules or…
Scott Marcus
Introduction to MITRE’s ATT&CK™: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for enterprise is a framework which describes the adversarial actions or tactics from Initial Access (Exploit) to Command & Control (Maintain). ATT&CK™ Enterprise deals with the classification of post-compromise adversarial tactics and techniques…