Summary:
RSA is excited to inform our customers of the availability of the Hunting Pack.
The Hunting Pack provides content developed and cultivated by RSA’s Incident Response (IR) team that offers enhanced threat detection and hunting capabilities. This content will be available via a Bundle in Live for customers on 10.6.2, or available for individual download to customers running older versions (requires 10.3 or greater for Lua support). The updated content contains numerous enhancements over the legacy version, and takes advantage of new meta keys for an improved hunting workflow. See the Press Release. This content will work in version 10.3 and greater. There is also information on how to use the content as well as the content associated with the Hunting Pack available via the “Hunting Guide".
For additional documentation, downloads, and more, visit the NetWitness Logs and Packets page or RSA Link.
In preparation for installing the Hunting Pack, customers should be aware that any original IR content will need to be removed prior to installing the Hunting Pack to ensure proper functionality. For guidance on the IR content removal process please see the “Remove Original IR Content Pack" document.
Affected Products:
All version of RSA NetWitness for Packets/Security Analytics 10.x running the legacy IR content.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
