  • Log Parser Customization

    On occasion, you may need to modify one or more of your log parsers. For example, you may need to fix an unknown message, or to parse certain fields differently than in the manner provided by default. Log Parser Cust...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA NetWitness Investigation Meta

    This table lists all of the delivered RSA NetWitness Investigation meta. Meta Key Details analysis.file: autorun Registered by: autorun.nwr analysis.file: autorun debian package mismatch Registered by: aut...
    RSA Product Team
    last modified by RSA Product Team
  • RSA Content - Table of Contents

        Use Cases: RSA NetWitness Packet Hunting Guide RSA UEBA Essentials Hunting Guide  Content Deployment: NetWitness 11.x Live Services Guide Live Content Search Tags Investigation Model Endpoint Cont...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Configure Windows Collection

    Windows Collection in RSA NetWitness® Platform: NetWitness Platform provides several ways to collect logs from Microsoft Windows machines. Each method has advantages and disadvantages, as well as different methods ...
    RSA Information Design and Development
    last modified by RSA Product Team
  • RSA NetWitness Application Rules

    The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Discontinued Co...
    RSA Product Team
    last modified by RSA Product Team
  • Discontinued Content

    In an ongoing effort to provide the best user experience, RSA periodically discontinues content (such as rules and reports). This is to keep pace with the ever-evolving threat landscape, and to ensure our customers ar...
    RSA Information Design and Development
    last modified by RSA Product Team
  • ESA Rule Writing Best Practices

    When working with RSA Live ESA or the ESA Rule Builder, you should not need to know the EPL syntax used within the rules. However, if your use case exceeds the capabilities of either of these, you should become famili...
    RSA Information Design and Development
    last modified by RSA Product Team
  • Configure SFTP Shell Script File Transfer

    Scott Marcus
    last modified by RSA Product Team
  • Live Search in NetWitness 11.x

      The following is an example showing the Live Search Categories in NetWitness 11.x.
  • Deploy the Investigation Feed in Security Analytics 10.x

      To deploy the Investigation feed: In the Security Analytics menu, select Live > Search. In the Search Criteria section, select RSA Feed from the Resource Types drop-down menu. In the Keywords field, ...
  • Phishing Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • RSA Application Rules

      The following table lists all of the delivered RSA Application Rules. For syntax and examples for application rules, see Application Rules Cheat Sheet. Note: For content that has been discontinued, see Dis...
  • Known Threats Pack

        Many cyber threats have already been identified, and RSA NetWitness has been actively delivering content related to these identified threats. The content required to hunt these threats is in the form...
  • SMTP Lua Parser Options

        Caution: RSA strongly suggests that you do not subscribe to the options file. Subsequent downloads of this file will overwrite all changes that you have made to the file. Note the following: ...
  • Deploy the Hunting Pack in NetWitness 11.x

      To deploy the Hunting Pack: In the NetWitness UI, go to CONFIGURE > Live Content. In the Resource Type field, select Bundle, and click Search. Select the Hunting Pack bundle. You can view th...
  • Compliance Reports: Good Practice Guide 13 (GPG13)

      Good Practice Guide 13 (GPG13) defines requirements for protective monitoring—for example, the use of intrusion detection and prevention systems (IDS/IPS)—with which local authorities must comply i...
  • Endpoint Content

        This topic discusses the changes in RSA Content based on the NetWitness Endpoint being integrated with the RSA NetWitness Platform in version 11.3. For RSA NetWitness Platform 11.3, a new conte...
  • Content Bundles or Packs

        As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA L...
  • In Depth Feeds Information

        The RSA FirstWatch feeds are updated periodically, so please check back regularly to get the latest information. Note: For content that has been discontinued, see Discontinued Content. List of Feeds...
  • Compliance Reports: Family Educational Rights and Privacy Act (FERPA)

      The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that recei...