Hello NetWitness Community, The NetWitness R&D organization is hard at
work expanding out behavior analytics and entity relationship tracking
capabilities and we would really appreciate input from the community as
validation and inspiration. One of t...

Security Analytics would like to help customers harness the user and
resource details stored in their Active Directory (LDAP) for behavior
analytics, incident response and investigations. Behavior analytics will
need very frequent access to the profi...

What if you could find hosts in your network that are actively
communicating with previously unknown malicious domains? Using the new
behavior analytics module introduced in Security Analytics (SA) 10.6 you
can. This new threat detection module is ac...

Hi Craig, I apologize that the UI and documentation are not more clear on
this topic. I will circle back with the Docs and UX teams to file bugs
and get these clarified. As you correctly point out, ESA rules generate
alerts that have a severity rating o...

Thank you for the feedback Nathan. Do you have any concerns with
utilizing an LDIF file export for the initial bulk load in option #1? If
so, what are they? If you had to choose between option 1 and 2, which
would be your top pick, and why?

Hi Nikolay, Thank you for this excellent post. The RSA Live content team
has been experimenting with rules very similar to the example you have
provided. Do you have any additional anomaly detection use cases you
would find valuable? Providing a mix ...