RSA Live August Content Announcement

Document created by RSA Admin Employee on Sep 10, 2015
Version 1Show Document
  • View in full screen mode
The RSA Content team is pleased to announce the addition of new and updated content to the RSA Live Content Library!  
 

 

 

During the month of August, we have made the following content available through RSA Live:

 

 

 

á New Event Steaming Analysis (ESA) rules (4) that will help analyst detect RATS, and Suspicious AWS environment changes. We also released a rule that indicates a potential two-stage malware dropper

 

 

 

á Updates to Event Streaming (ESA) rules (7) that will limit noise in customer ESA environments and ensure the most targeted and up to date intelligence in our rule library

 

 

 

á 1 Addition to our Application rule set allows analysts to detect a domain controller or directory server engaged in port activity that is outside expected ports

 

 

 

á Updated feeds from our RSA FirstWatch team that ensures the most targeted and up to date intelligence in our feed library

 

 

 

á New Log parser support for Radiator Radius Server that allows visibility into security access control

 

 

á 36 Updates to Log parsers that improves parsing accuracy and supports newer versions of event sources

 

 

 

 

 

For a full breakdown of new/updated content released to RSA Live, go here:

 

 

 

Content Announcement

 

 

 

Also, you can view our holistic content library and content request portals here:

 

 

 

RSA Live Content

 

Content Request Portals

 

 

 

 

 

In the future, the Content Team will continue to focus speeding the turn-around on content defects. Our primary focus is to increase parsing accuracy and eliminate parsing inconsistencies for our customers. We also are working on a meta dictionary output which will allow you to see what meta is generated on a per parser basis. Last but not least, we are working on categorizing content in Live by data source (Log, Packet, Log/Packet) so you can navigate to the content that is most important and valid for your environment.

 

 

 

We look forward to sharing some great updates with you next month!

 

 

 

 

 

Regards,

 

 

 

The ASOC Content Team

 

ASOC.Content@rsa.com 

 

 

  <!-- EndFragment -->

Attachments

    Outcomes