Hello NetWitness Community, The NetWitness R&D organization is hard at
work expanding out behavior analytics and entity relationship tracking
capabilities and we would really appreciate input from the community as
validation and inspiration. One of t...
Security Analytics would like to help customers harness the user and
resource details stored in their Active Directory (LDAP) for behavior
analytics, incident response and investigations. Behavior analytics will
need very frequent access to the profi...
What if you could find hosts in your network that are actively
communicating with previously unknown malicious domains? Using the new
behavior analytics module introduced in Security Analytics (SA) 10.6 you
can. This new threat detection module is ac...
This video shows the experience of an analyst responding to a suspicious
domain detected by RSA Security Analytics behavior analytics via the
Incident Management interface.
Hi Craig, Apologize that the UI and documentation is not more clear on
this topic. I will circle back with the Docs and UX teams to file bugs
and get these clarified. As you correctly point out, ESA rules generate
alerts that have a severity rating o...
Great, it seems the consensus across customers we have spoken with is
option #2 with the addition of a throttling mechanism to limit the load
on AD from the SA query. Thank you for your input!
Thank you for the feedback Nathan. Do you have any concerns with
utilizing an LDIF file export for the initial bulk load in option #1, if
so what are they? If you had to choose between option 1 and 2 which
would be your top pick, and why?
Thank you for your input Jeremy. It's good to hear that #2 would be your
preferred approach. From various discussions this seems to be the case
for many SA customers.
Hi Nikolay, Thank you for this excellent post. The RSA Live content team
has been experimenting with rules very similar to the example you have
provided. Do you have any additional anomaly detection use cases you
would find valuable. Providing a mix ...
