The RSA Content team is pleased to announce the addition of new and updated content to the RSA Live Content Library! As always, the Content team has been heads down reviewing our existing Event Stream Analysis (ESA) rule library. This massive effort is focused on ensuring accuracy and organization around our current correlative capabilities. We are going above and beyond validating the logic of the rules, and we are leveraging our team of subject matter experts to eliminate false positives and ensure an extremely targeted rule set.
Let’s take a look at what we have released to RSA Live during the month of April:
- 18 Updates to Event Stream Analysis (ESA) rules
  - This will limit noise in customer ESA environments and ensure the most targeted intelligence in our rule library
- 25 Lua parser updates
  - This effort enhances parser performance, relieves memory issues, and ensures no duplication of generated meta
- 11 Application Rule updates
  - Addresses an issue where the “filter” app rules were not set to “filter”
- 2 New Log parsers
  - Microsoft URL Scan - MS URL Scan is a tool that identifies the different types of HTTP requests that are sent to an IIS server, giving SA visibility into blocked/rejected URLs
  - UnboundID Identity Store access log events are supported
- 26 Log parser updates
  - Improves parsing accuracy and supports newer versions of event sources
For a full breakdown of new/updated content released to RSA Live, go here:
The next few months will be an exciting time for the Content Team! We will be finishing up our ESA rule library project and also focusing on rules and reports to enable alerting for critical activity within AWS environments. We are also planning on releasing some cool content for Shadow IT detection!
We look forward to sharing some great updates with you next month!