This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Meltdown / Spectre patch validation with NetWitness for Endpoint

XavierTrepanier
Employee
Employee
‎2018-01-23 09:48 AM

Vulnerabilities give headaches to security teams. RSA aims to improve the user experience and minimize the time of response to these types of attacks. When publishing the Meltdown / Spectre vulnerability, Microsoft released updates to be installed on all Windows operating systems.

 

However, we have created an Instant Indicator of Compromise (IIOC) to perform validation if the update was installed on each endpoint regardless of the version of the operating system.

 

When the IIOC does not detect this update on the endpoint, it will trigger:

 

pastedImage_1.png

 

IIOC configuration:

 

pastedImage_3.png

 

For your convenience, you can download this IIOC below. 

No_Meltdown_Spectre_Microsoft_Patch_installed.7z.zip
No_Meltdown_Spectre_Microsoft_Patch_installed.7z.zip
1 Comment
© 2022 RSA Security LLC or its affiliates. All rights reserved.