• Known Threats Pack

        Many cyber threats have already been identified, and RSA NetWitness has been actively delivering content related to these identified threats. The content required to hunt these threats is in the form...
  • SMTP Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Deploy the Hunting Pack in NetWitness 11.x

      To deploy the Hunting Pack: In the NetWitness UI, go to CONFIGURE > Live Content. In the Resource Type field, select Bundle, and click Search. Select the Hunting Pack bundle. You can view th...
  • Compliance Reports: Good Practice Guide 13 (GPG13)

      Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply i...
  • Endpoint Content

        This topic discusses the changes in RSA Content based on the NetWitness Endpoint being integrated with the RSA NetWitness Platform in version 11.3. For RSA NetWitness Platform 11.3, a new conte...
  • In Depth Feeds Information

        The RSA FirstWatch feeds are updated periodically, so please check back regularly to get the latest information. Note: For content that has been discontinued, see Discontinued Content. List of Feeds...
  • Compliance Reports: Family Educational Rights and Privacy Act (FERPA)

      The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that recei...
  • Compliance Reports: National Industrial Security Program Operating Manual (NISPOM)

      The National Industrial Security Program Operating Manual (NISPOM), developed by the Department of Defense, sets comprehensive standards for protecting classified data. All government agencies and commercial co...
  • Context Hub Lists in ESA Rules

        For RSA NetWitness Platform 11.1 and later, ESA Rules can use Context Hub (CH) Lists as whitelists and blacklists in their construction and processing. To see details about these rules, see RSA E...
  • Data Exfiltration

      What is Data Exfiltration? One of the most common goals of malicious actors is to steal data. Data exfiltration refers to the successful sending of information out of an environment to an environment controlle...
  • Create Custom (File Collection) Typespec

        RSA NetWitness uses type specification (typespec) files for ODBC and file collection. These files act on raw log files, and are used for two main purposes: Define where in the log file da...
  • UEBA Essentials Content Pack

        The purpose of UEBA Essentials and user-hunting is to detect or bring focus to suspicious user and entity behavior to find potential insider threats, lateral movement by external attackers, or ge...
  • Compliance Reports: Gramm-Leach-Bliley Act (GLBA)

      The Gramm-Leach-Bliley Act (GLBA) requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information. As part of its impleme...
  • Compliance Reports: Federal Financial Institutions Examination Council (FFIEC)

      The Federal Financial Institutions Examination Council (FFIEC) is a body of the United States government empowered to prescribe principles, standards, and report forms for the federal examination of financial ...
  • RSA Threat Content mapping with MITRE ATT&CK™

        Introduction to MITRE ATT&CK Navigator: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for enterprise is a framework which describes the adversarial actions or tactics from Init...
  • Compliance Reports: Federal Information Security Management Act (FISMA)

      The Federal Information Security Management Act (FISMA) is designed to ensure appropriate security controls for government information systems. Dependencies: The FISMA compliance reports have the follow...
  • Hunting Pack

        The Hunting Pack is a set of content that derives indicators of compromise and anomalous events. Deploying this bundle will download all of the content and content dependencies of the Hunting Pack inc...
  • Change Core ESA Rule or Alert Parameters

      Change Rule Parameters: Some Event Stream Analysis Rules can have parameters (for example, a time period) that you can modify using the ESA Rules View. For example, the Adapter in Promiscuous Mode after M...
  • RSA NetWitness Hunting Guide

                Due to problems saving this topic as a PDF, please use the following link if you require a PDF of this content: Hunting Guide PDF RSA NetWitness Platform...
  • RSA NetWitness YouTube Videos

        Expert members of the RSA NetWitness team have recorded informational videos and uploaded them to YouTube. This topic provides a list of the most recent of these videos.