I have a question from an internal customer:
would like to get RSA engaged and find out how to further tune false positives from the spectrum/malware analysis appliance. For instance if we saw a mcafee dat file fire that was a false positive, we would like to tune this filename/hash /various other characteristics from preventing the tool to fire in the future. If we can get this to tune as requested, would like to ingest syslog into the SIEM and look at potential alerts .
The customer already has RSA Security Analytics User Documentation. Is there any other resource he can access to help answer his questions?