• ESA Rule Writing Best Practices

    When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become famili...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Content Quick Start Guide

    This topic discusses configuration procedures for getting RSA NetWitness Platform set up initially in your environment. Sections: Configuring Services Deploying Content Developing Content Maintaining Content Inv...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Live Search in NetWitness 11.x

      The following is an example showing the Live Search Categories in NetWitness 11.x.
  • Deploy the Investigation Feed in Security Analytics 10.x

      To deploy the Investigation feed: In the Security Analytics menu, select Live > Search. In the Search Criteria section, select RSA Feed from the Resource Types drop-down menu. In the Keywords field, ...
  • Phishing Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Known Threats Pack

        Many cyber threats have already been identified, and RSA NetWitness has been actively delivering content related to these identified threats. The content required to hunt these threats is in the form...
  • SMTP Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Deploy the Hunting Pack in NetWitness 11.x

      To deploy the Hunting Pack: In the NetWitness UI, go to CONFIGURE > Live Content. In the Resource Type field, select Bundle, and click Search. Select the Hunting Pack bundle. You can view th...
  • Compliance Reports: Good Practice Guide 13 (GPG13)

      Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply i...
  • Endpoint Content

        This topic discusses the changes in RSA Content based on the NetWitness Endpoint being integrated with the RSA NetWitness Platform in version 11.3. For RSA NetWitness Platform 11.3, a new conte...
  • Content Bundles or Packs

        As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA L...
  • In Depth Feeds Information

        The RSA FirstWatch feeds are updated periodically, so please check back regularly to get the latest information. Note: For content that has been discontinued, see Discontinued Content. List of Feeds...
  • Compliance Reports: Family Educational Rights and Privacy Act (FERPA)

      The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that recei...
  • Compliance Reports: National Industrial Security Program Operating Manual (NISPOM)

      The National Industrial Security Program Operating Manual (NISPOM), developed by the Department of Defense, sets comprehensive standards for protecting classified data. All government agencies and commercial co...
  • Context Hub Lists in ESA Rules

        For RSA NetWitness Platform 11.1 and later, ESA Rules can use Context Hub (CH) Lists as whitelists and blacklists in their construction and processing. To see details about these rules, see RSA E...
  • Data Exfiltration

      What is Data Exfiltration? One of the most common goals of malicious actors is to steal data. Data exfiltration refers to the successful sending of information out of an environment to an environment controlle...
  • Create Custom (File Collection) Typespec

        RSA NetWitness uses type specification (typespec) files for ODBC and file collection. These files act on raw log files, and are used for two main purposes: Define where in the log file da...
  • UEBA Essentials Content Pack

        The purpose of UEBA Essentials and user-hunting is to detect or bring focus to suspicious user and entity behavior to find potential insider threats, lateral movement by external attackers, or ge...
  • Compliance Reports: Gramm-Leach-Bliley Act (GLBA)

      The Gramm-Leach-Bliley Act (GLBA) requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of this type of information. As part of its impleme...
  • Compliance Reports: Federal Financial Institutions Examination Council (FFIEC)

      The Federal Financial Institutions Examination Council (FFIEC) is a body of the United States government empowered to prescribe principles, standards, and report forms for the federal examination of financial ...