The Hunting Pack is a set of content that derives indicators of compromise and anomalous events. Deploying this bundle will download all of the content and content dependencies of the Hunting Pack including the associated feed, Lua parsers and reports.
For more details about the suggested investigation techniques refer the RSA NetWitness Hunting Guide
- ESA Rule: Webshell Detected
- Feed: RSA FirstWatch SSL Blacklist
- Hunting Detail
- Hunting Summary
- Malware Activity Report