What HappenedOn December 8th, 2020, FireEye announced that it had been
the victim of a cyber attack perpetrated by an advanced nation state
actor. They've disclosed their research into the attack in a few places,
including:
https://www.fireeye.com/bl...
As of RSA Netwitness Platform 11.5, analysts have a new landing page
option to help them determine where to start upon login. We call this
new landing page Springboard. In 11.5 it will become the new default
starting page upon login (adjustable) and ...
We are excited to announce the release of the new RSA OSINT Indicator
feed, powered by ThreatConnect! Updated 3/24/2021: Adjusted meta key
mapping. Source information for any triggering indicator will begin
registering this value to the threat.source...
Visualization techniques can help an analyst make sense of a given data
set by exposing scale, relationships, and features that would be almost
impossible to derive by just looking at a list of individual data
points. As of RSA NetWitness Platform 11...
Did you know that you can use Respond for data exploration, even if you
aren't using it for Incident Management? While the naming convention
certainly does not suggest it, Respond can be just as useful outside of
incident response a place for analyst...
The score registered as ioc.score is taken directly from the
ThreatConnect ThreatAssess score for any given indicator. This score
combines threat severity (threat rating) score and confidence into a
single value between 0-1000. Some details on the al...
Hi Ricardo, this material is not intended to be shared outside of the
RSA organization. Please work with your local RSA SE or PS resources
with assistance working through specific sizing exercises, or
Hi Prasanna, Yes this is still possible. The process to do so is very
similar to creating charts & dashboards for other sources (eg.
NWDB).First, ensure the Reporting Engine is configured with Respond as a
data source: Reporting Engine: Configure the...
Hi Janusz, and thanks for your question. The non-UCF "Send To Archer"
integration is designed to only send the high level Incident information
to Archer. As you've noted, alerts and events do not come over as part
of this. One workaround you can cons...
