As part of the ongoing development of content to combat threats, RSA develops content bundles. These are grouped sets of content (rules, parsers, feeds) that can be deployed as a group from RSA Live.
You can deploy all of the items in the bundles through Live.
To deploy a bundle:
- Depending on your version:
  - For NetWitness 11.x: Go to CONFIGURE > Live Content.
  - For Security Analytics 10.x: From the Security Analytics menu, select Live > Search.
- In the Resource Type field, select Bundle.
- Select the bundle you wish to deploy.
- Select Deploy, then follow the steps in the wizard.
For more details, see the following:
- Blog on Lateral Movement: https://community.rsa.com/community/products/netwitness/blog/2016/03/09/lateral-movement-windows
- Lateral Movement details topic: https://community.rsa.com/docs/DOC-54594
- Announcement of the Hunting Pack: https://community.rsa.com/docs/DOC-63289
- RSA NetWitness Hunting Guide: https://community.rsa.com/docs/DOC-62341
Bundles Available in Live
This table lists all of the available bundles.