The RSA Content team is pleased to announce the addition of new and updated content to the RSA Live Content Library.
New content and features now available:
Threat Detection Enhancement
RSA FirstWatch has released a parser that detects the network communication used by the GlassRAT Trojan.
RSA recently published a report on GlassRAT, a previously undetectable Remote Access Tool (RAT) that was discovered by the RSA Incident Response Team and investigated by RSA Research during an engagement with a multi-national enterprise.
Find additional details on GlassRat here: https://blogs.rsa.com/peering-into-glassrat/
RSA Live Enhancements
We have made it easier to find content within RSA Live through enhanced search capabilities.
Customers can now pinpoint the RSA Live content that is important and relevant to their environment by utilizing a “medium” filter available in Security Analytics 10.5.1. For example, if you’re looking for all content applicable to packet data, you now have the ability to search for “Packet” under the “Medium” search field in Live.
Check out SA Docs for more details of this enhancement:
Updated Basic Rule Builder
With Security Analytics 10.5.1, we have added the capability to create statements that filter based on external content in the basic rule builder. This enables users to leverage their external enrichments.
Out of the Box Content Updates
13 Updates to Log parsers that improve parsing accuracy and support newer versions of event sources.
For a full breakdown of new/updated content released to RSA Live, go here:
Also, you can view our entire content library and content request portals here:
In addition to net new content, The Content Team will continue to focus improving our out-of-the-box content by defining and applying categories for our existing content library. These analytical services categories will allow us and our customers to organize content in groups (Threat, Assurance, Identity, and Operations) which will allow them to apply and identify content more efficiently.
We also are working on a meta dictionary output which will allow you to see what meta is generated on a per parser basis. This effects the downstream of analytical content and enables us and customers to create accurate content based on meta outputs!
We look forward to sharing some great updates with you next month!
The ASOC Content Team
For additional documentation, downloads, and more, visit the Security Analytics Space on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
Product Version Life Cycle