Every SOC analyst should spend at least part of his/her day reading
various blog posts and white papers on attacker profiles and their tools
and techniques. Attackers often repeat at least certain aspects of their
activity on various targets, and thu...
Introduction
There are many, many ways to exfiltrate data from a network,
but one common way to do it is using DNS exfiltration. With these
specific techniques the attackers use the already open port for DNS
traffic as the door for uploading and downlo...
Hi Devaraj, in my experience
I have always used NetWitness for the generation of alarms and
accidents, but always forwarded and managed with Archer / SecOps. In
this way you have the possibility to different...
Hi, try to see if that article can help in your environment:
https://community.rsa.com/docs/DOC-80195 This is just one example; for
the best solution, it is better to contact your account or PS and discuss
with him the best solution to apply on your en...
Hi, sure, it can be a solution. You can also add a custom meta tag and fill
it with a feed of sitename, decodername for example. Obviously you need a
decoder for each different site. But basically the way you can simply
follow is the meta tag. I’ve used for man...
Hi, you can try it this way: at decoder level, tag all the traffic with
the site name. If you also use Archer/SecOps, add 1 queue for each site. In
this way you have one meta with sitename and you can separate everything
according to your preference. Regards...
Hi, here is my suggestion: 1) You have to establish a logon policy
according to company work time, also approved by HR. Everyone has to
know about the presence of the restrictive logon policy, and that it can't be bypassed. 2)
Apply the policy to your AD. 3) Log Window...