This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Log - Lateral Movement - Logging required eventID's ?

EricPartington
Employee
Employee
‎2016-12-20 04:57 PM

This is a helper report for the lateral movement report pack and alerting capability that was released a while back.

 

This will query for the eventID's that are required to trip the alerting and reporting that were released, to make it easier to understand if the required data is available for the content that was published.

 

https://community.rsa.com/community/products/netwitness/blog/2016/03/09/lateral-movementwindows

 

Contents:

1 report

8 rules

 

Imports into Threats - Windows Lateral Movement

 

pastedImage_1.png

RE-Threats-Windows Lateral Movement.zip
Labels:
RE-Threats-Windows Lateral Movement.zip
© 2022 RSA Security LLC or its affiliates. All rights reserved.