RSA Live December Content Announcement

Document created by RSA Link Team Employee on Mar 18, 2016

The RSA Content team is pleased to announce the addition of new and updated content to the RSA Live Content Library. 

New content and features now available:

 

Threat Detection Enhancement

 

 

RSA FirstWatch has released a parser that detects the network communication used by the GlassRAT Trojan.

 

RSA recently published a report on GlassRAT, a previously undetectable Remote Access Tool (RAT) that was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise.

 

Find additional details on GlassRAT here: https://blogs.rsa.com/peering-into-glassrat/

 

 

RSA Live Enhancements

 

We have made it easier to find content within RSA Live through enhanced search capabilities.

 

Customers can now pinpoint the RSA Live content that is important and relevant to their environment by utilizing a “medium” filter available in Security Analytics 10.5.1.  For example, if you’re looking for all content applicable to packet data, you now have the ability to search for “Packet” under the “Medium” search field in Live.

 

Check out SA Docs for more details of this enhancement:

https://sadocs.emc.com/0_en-us/089_105InfCtr/31_LivRes/30_Ref/LiveSrchVw

 

 

Updated Basic Rule Builder

 

With Security Analytics 10.5.1, we have added the capability to create statements that filter based on external content in the basic rule builder. This enables users to leverage their external enrichments.

 

 

Out of the Box Content Updates

 

13 updates to log parsers that improve parsing accuracy and support newer versions of event sources.

 

For a full breakdown of new/updated content released to RSA Live, go here:

 

https://sadocs.emc.com/0_en-us/300_RSA_ContentAndResources/RSA_Content_Resources

 

Also, you can view our entire content library and content request portals here:


https://sadocs.emc.com/0_en-us/300_RSA_ContentAndResources

 

https://sadocs.emc.com/0_en-us/300_RSA_ContentAndResources/RSA_Content_Resources/40_Request_Portals

 

 

In addition to net new content, the Content Team will continue to focus on improving our out-of-the-box content by defining and applying categories for our existing content library. These analytical services categories will allow us and our customers to organize content into groups (Threat, Assurance, Identity, and Operations), which will allow them to apply and identify content more efficiently.

 

We are also working on a meta dictionary output, which will allow you to see what meta is generated on a per-parser basis. This affects downstream analytical content and enables us and customers to create accurate content based on meta outputs!

 

We look forward to sharing some great updates with you next month!

 

 

Regards,

 

The ASOC Content Team

ASOC.Content@rsa.com


For additional documentation, downloads, and more, visit the Security Analytics Space on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
Product Version Life Cycle
