• A Treatise on Writing Packet Parsers for the RSA NetWitness Platform

    PARSERS - A Treatise on Writing Packet Parsers for RSA NetWitness: If you're interested in learning to write your own custom packet parsers, this is the information you need. It covers parser writing from...
    William Motley
    last modified by William Motley
  • Install and Update the SFTP Agent for RSA NetWitness Platform

    Scott Marcus
    last modified by RSA Product Team
  • RSA NetWitness Investigation Meta

      RSA NetWitness Investigation Meta: This table lists all of the delivered RSA NetWitness Investigation meta. Meta Key Details analysis.file: autorun Registered by: autorun.nwr analysis.file: autorun d...
    RSA Product Team
    last modified by RSA Product Team
  • RSA Content - Table of Contents

        Use Cases: RSA NetWitness Packet Hunting Guide RSA UEBA Essentials Hunting Guide. Content Deployment: NetWitness 11.x Live Services Guide Live Content Search Tags Investigation Model Endpoint Cont...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Configure Windows Collection

    Windows Collection in RSA NetWitness® Platform: NetWitness Platform provides several ways to collect logs from Microsoft Windows machines. Each method has advantages and disadvantages, as well as different methods ...
    RSA Information Design and Development
    last modified by RSA Product Team
  • ESA Rule Writing Best Practices

    When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become famili...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Discontinued Content

    In an ongoing effort to provide the best user experience, RSA periodically discontinues content (such as rules and reports). This is to keep pace with the ever evolving threat landscape, and to ensure our customers ar...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA ESA Rules

    Pivot to Investigate > Navigate from Respond May Not Work: In ESA rules that do not select every piece of meta from the session (that is, rules that do not use select *), you may see that data privacy (if enabled) an...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA NetWitness Reports

    This topic lists the RSA NetWitness Reports. The reports are built upon rules and lists. When you download a report, all necessary RSA NetWitness Rules and RSA NetWitness Lists are also downloaded. You may, however, n...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA NetWitness Rules

    This table lists all of the delivered RSA NetWitness Rules. Note: For content that has been discontinued, see Discontinued Content. Display Name File Name Description Medium Tag 11.1-11.2 Autoruns and Scheduled T...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Packet Parsers

    This topic discusses and describes the packet (Lua) parsers available in RSA NetWitness Platform. If you need a parser that does not already exist, you can Request a Parser. Note: More information on each of these par...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Content Bundles or Packs

    As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA Live. Deploying a...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA NetWitness Endpoint Application Rules

    The following table lists the RSA Application Rules for NetWitness Endpoint. Display Name File Name Description Tag Accesses Administrative Share Using Command Shell accesses_administrative_share_using_command_shell A...
    RSA Product Team
    last modified by RSA Product Team
  • RSA NetWitness Application Rules

    The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Discontinued Co...
    RSA Product Team
    last modified by RSA Product Team
  • Log Parser Customization

    On occasion, you may need to modify one or more of your log parsers. For example, you may need to fix an unknown message, or to parse certain fields differently than in the manner provided by default. Log Parser Cust...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Configure SFTP Shell Script File Transfer

    Scott Marcus
    last modified by RSA Product Team
  • Live Search in NetWitness 11.x

      The following is an example showing the Live Search Categories in NetWitness 11.x.
  • Deploy the Investigation Feed in Security Analytics 10.x

      To deploy the Investigation feed: In the Security Analytics menu, select Live > Search. In the Search Criteria section, select RSA Feed from the Resource Types drop-down menu. In the Keywords field, ...
  • Phishing Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • RSA Application Rules

      The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Dis...