hello, wondering if for SA RE IMDB queries - is there any way to access
event data in IMDB queries via RE? [when querying the alert
collection]e.g. alert.name,alert.events[0].threat_descor is it only the
IM enriched groupby_ properties e.g.alert.grou...
Can you please confirm if there are any compatibility issues with ECAT
4.1-4.4 and
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
or the registry key mitigations
https://portal.msrc.mic...
a) It looks like Malware server does not process CSVs as a suspect
filetype at all. a. As per this and these
https://www.we45.com/2017/02/14/csv-injection-theres-devil-in-the-detail/
https://pentestmag.com/formula-injection/
https://github.com/swissk...
2 weeks ago winevent_nic parser was released with a fault for parsing
command line as per device parser content releases need more
transparency I was hoping the content team have at least some of their
'things' together but alas:1) on 1st Nov the con...
thanks Ioana is what you're saying - RSA are not going to mark the new
kernels as compatible via live for KAM until you finish perf and BSOD +
whatever standard testing for ecat 4.1.0.2 onwards? (I guess my only
caveat is the live KAM file is ecat ag...
heh. we're on a mix of 4.2.0.4, 4.1.1.1 (yes yes i know there's awful
bugs, half of which we reported) and 4.3.0.3 [roughly 1/3 each]
Personally I think RSA testing should be based on is the telemetry
submitted by ecat server and the official support...
the problem is the fixes can be pushed silently by people's AV vendors
in signatures. e.g sophos. the second problem - not everyone is on
4.4.0.1. and not everyone can go and upgrade to it urgently and
immediately.... (generally most people have and ...
