Several changes have been made to the Threat Detection Content in Live. For added detection you need to deploy/download and subscribe to the content via Live, for retired content you'll need to manually remove those.
Detailed configuration procedures for getting RSA NetWitness Platform setup - Content Quick Start Guide
Read more about https://community.rsa.com/community/products/netwitness/blog/2019/04/18/identify-wireguard-traffic-on-netwitness-packets
More information about Packet Parsers
More information about NetWitness 11.4 New Features andAlerting: ESA Rule Types
Read more about SMB_lua in action -
Read more about https://community.rsa.com/community/products/netwitness/blog/2020/01/16/using-rsa-netwitness-to-detect-lateral-movement-scshell-dcerpc
Read more about https://community.rsa.com/community/products/netwitness/blog/2016/08/30/ssl-and-netwitness
We strive to provide timely and accurate detection of threats as well as traits that can help analysts hunt through network and log data. Occasionally this means retiring content that provides little-to-no value.
https://community.rsa.com/docs/DOC-57979
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.