During the month of August, we have made the following content available through RSA Live:
á New Event Steaming Analysis (ESA) rules (4) that will help analyst detect RATS, and Suspicious AWS environment changes. We also released a rule that indicates a potential two-stage malware dropper
á Updates to Event Streaming (ESA) rules (7) that will limit noise in customer ESA environments and ensure the most targeted and up to date intelligence in our rule library
á 1 Addition to our Application rule set allows analysts to detect a domain controller or directory server engaged in port activity that is outside expected ports
á Updated feeds from our RSA FirstWatch team that ensures the most targeted and up to date intelligence in our feed library
á New Log parser support for Radiator Radius Server that allows visibility into security access control
á 36 Updates to Log parsers that improves parsing accuracy and supports newer versions of event sources
For a full breakdown of new/updated content released to RSA Live, go here:
Also, you can view our holistic content library and content request portals here:
In the future, the Content Team will continue to focus speeding the turn-around on content defects. Our primary focus is to increase parsing accuracy and eliminate parsing inconsistencies for our customers. We also are working on a meta dictionary output which will allow you to see what meta is generated on a per parser basis. Last but not least, we are working on categorizing content in Live by data source (Log, Packet, Log/Packet) so you can navigate to the content that is most important and valid for your environment.
We look forward to sharing some great updates with you next month!
The ASOC Content Team
<!-- EndFragment -->