NetWitness Community

RSA is pleased to announce the addition of new and updated content to the RSA Live Content Library.

RSA Research

Just in time for shopping season we’d like to bring to your attention to two research papers written by our RSA Incident Response team. Both papers are excellent examples of how RSA Security Analytics and RSA ECAT can be used together to identify malicious activity, specifically focused on point-of-sale attacks and malware. They can be found on the Community here https://community.emc.com/docs/DOC-40472 and here https://community.emc.com/docs/DOC-40473

Our research team, RSA FirstWatch, have also posted a blog on the Community outlining how to use Security Analytics to detect variants of the YAKES Trojan. You can find the blog post here:

https://community.emc.com/docs/DOC-40349

New Content

We have created a bundle of new rules that are utilizing both our own intelligence feeds as well as RSA ECAT endpoint alerts that can now be used for incident detection with the Event Stream Analysis (ESA) appliance. We’ve also created rules utilizing IPS logs and host logs to detect DoS style attacks and service shutdowns as well as instances of mass audit log clearing. Lastly we’ve updated our 3^rd party IOC feeds to include IOCs common to the activity of APT28, the suspected Russian threat group.

On the log front we have added log support for Bluecoat IPAM, DNS & DHCP as well as the Jenkins integration platform. We’ve also performed updates to 28 of our device log parsers

For a full list of New and Updated Content for November, please go here:

November Announcements

NEW! To view the entire library of content go to the  “Content and Resource” section on RSA Security Analytics Docs (SA Docs):

https://sadocs.emc.com/0_en-us/300_RSA_ContentAndResources

We look forward to presenting you new content updates next month!

Regards,

The RSA Security Analytics Content Team