Live Content Search Tags

Document created by RSA Information Design and Development on May 25, 2016. Last modified by RSA Information Design and Development on Apr 10, 2018.
Version 140

This topic describes the Advanced Security Operations Center (ASOC) tags. These tags are used to organize Live content and to deliver an accurate path to information security incident response. The tags are found in the Live Search view, as:

  • Tags in Security Analytics 10.x
  • Categories in NetWitness 11.x

Context

The objective of a tag is to catalog existing content for deployment according to an incident response approach. Currently, the model contains the following tags:

  • accounting
  • action on objectives
  • application analysis
  • assurance
  • attack phase
  • audit
  • authentication
  • authorization
  • command and control
  • compliance
  • corporate
  • crimeware
  • data exfiltration
  • data sabotage
  • delivery
  • denial of service
  • event analysis
  • exploit
  • featured
  • file analysis
  • filters
  • flow analysis
  • identity
  • installation
  • key loggers
  • lateral movement
  • log analysis
  • malware
  • malware analysis
  • operations
  • organizational hazard
  • protocol analysis
  • reconnaissance
  • remote access trojans
  • risk
  • situation awareness
  • spectrum
  • threat
  • vulnerability management
  • web shells

These tags are a part of the investigation model described in the NetWitness Investigation Model.

Note: When you search in Live, the categories or tags you enter are ORed. That is, if you search for threat and assurance, all content that is tagged as either threat or assurance is returned.

Example: Live Search in NetWitness 11.x, or Live Search in Security Analytics 10.x.
