NetWitness Community

RuiAtaide
Respected Contributor
since 2012-08-30
3 weeks ago

User Statistics

  • 100 Posts
  • 12 Solutions
  • 37 Likes given
  • 61 Likes received
Badges: Conversation Starter, Making Yourself at Home, Welcome Back!, Standing Ovation

User Activity

  • Posts
  • Replies

Updated files for Detecting C&C Malleable Profiles Post

by RuiAtaide 2021-12-01 in NetWitness Discussions • latest reply by RuiAtaide 2021-12-02
Updated content files for Detecting C&C Malleable Profiles Post - See post comments for details

Domain Fronting Malware

by RuiAtaide 2019-06-19 in NetWitness Community Blog • latest reply by RuiAtaide 2020-08-14
Customers frequently ask me about malware that uses domain fronting and how to detect it. Simply put, domain fronting is when malware or an application pretends to be going to one domain but instead is going somewhere completely different. (Mitre ATT...

RSA NetWitness Packet Meta in ELK

by RuiAtaide 2019-03-11 in NetWitness Community Blog • latest reply by RuiAtaide 2019-11-19
In line with some of my other integrations, I recently decided to also create a proof-of-concept solution on how to integrate RSA NetWitness meta data into an ELK stack. Given that I already had a couple of Python scripts to extract NetWitness meta v...

Why Sysmon when you have NWE

by RuiAtaide 2017-03-10 in NetWitness Community Blog • latest reply by RuiAtaide 2017-03-20
Eric Partington mentioned on his recent post Log - Sysmon 6 Windows Event Collection that a lot is being said about the use of Sysmon with logging solutions. As Incident Responders or even as simple malicious activity hunters one of the key sources o...

SA REST Stats Collection nwstatusreport.py

by RuiAtaide 2015-11-18 in NetWitness Discussions
Hi, I recently found out that several people use this script regularly and some have even tweaked or updated it, so it seems logical that we have a place to host it and share ideas about it. Hopefully this will be that place, I may look at moving the...

Re: Updated files for Detecting C&C Malleable Profiles Post

by RuiAtaide 2021-12-02 in NetWitness Discussions
Just updated the NWR ZIP with additional content that had not changed. SSL Certificates and Named Pipes.

Re: Detecting C&C Malleable Profiles

by RuiAtaide 2021-12-01 in NetWitness Community Blog
As @WilliamMotley1 mentioned headerCatalog() was not supported and has now been discontinued, with that in mind, I've updated the rules to make use of the customHeaders() option in HTTP_lua_options.lua instead, as partially shown below: The list will...

Re: Exchange Exploit Case Study – CVE-2020-0688

by RuiAtaide 2020-08-25 in NetWitness Community Blog
The following CyberChef recipe may help with command extraction from IIS Exchange Logs: https://gchq.github.io/CyberChef/#recipe=Filter('Line%20feed','/ecp/default.aspx',false)Fork('%5C%5Cn','%5C%5Cn-----%5C%5Cn',false)Find_/_Replace(%7B'option':'Reg...

Re: Domain Fronting Malware

by RuiAtaide 2020-08-14 in NetWitness Community Blog
Quick update: We are aware of the following session DEF CON Safe Mode - Erik Hunstad - Domain Fronting is Dead, Long Live Domain Fronting Using TLS 1.3 - YouTube With the provided detection details we have added this detection to the TLS_Lua Live par...

Re: Beacons to pendo.io

by RuiAtaide 2020-07-03 in NetWitness Discussions • latest reply by RichardB 2020-07-06
Hi Richard, Well spotted and great use of the tool  It's to do with the Customer Experience Improvement Program that can be disabled under Admin > System > Info. It seems to default *on* instead of *off* but I will let others comment on that. Hope t...

Likes from

  • Michael-ISH (Consumer): 1
  • Anonymous: 11
  • dougds (New Contributor): 4
  • PraveenPandyan (Beginner): 2
  • AgustinGras (Contributor): 1

Likes given to

  • LeeKirkpatrick (Valued Contributor): 18
  • SMaccaglia (Contributor): 1
  • ChrisThomas (Frequent Contributor): 5
  • RSAIncidentResp (Employee): 3
  • SteveB (Beginner): 1