RSA is pleased to announce the addition of new and updated content to the RSA Live Content Library.
Just in time for shopping season we’d like to bring to your attention to two research papers written by our RSA Incident Response team. Both papers are excellent examples of how RSA Security Analytics and RSA ECAT can be used together to identify malicious activity, specifically focused on point-of-sale attacks and malware. They can be found on the Community herehttps://community.emc.com/docs/DOC-40472 and here https://community.emc.com/docs/DOC-40473
Our research team, RSA FirstWatch, have also posted a blog on the Community outlining how to use Security Analytics to detect variants of the YAKES Trojan. You can find the blog post here:
We have created a bundle of new rules that are utilizing both our own intelligence feeds as well as RSA ECAT endpoint alerts that can now be used for incident detection with the Event Stream Analysis (ESA) appliance. We’ve also created rules utilizing IPS logs and host logs to detect DoS style attacks and service shutdowns as well as instances of mass audit log clearing. Lastly we’ve updated our 3rd party IOC feeds to include IOCs common to the activity of APT28, the suspected Russian threat group.
On the log front we have added log support for Bluecoat IPAM, DNS & DHCP as well as the Jenkins integration platform. We’ve also performed updates to 28 of our device log parsers
For a full list of New and Updated Content for November, please go here: