Over the last year a few trends have emerged in detection ruleset
sharing circles. Standards or common formats for sharing detection
rulesets have emerged as the de facto way teams communicate
rulesets that are then converted into local technologies. Yar...
RSA NetWitness has a number of integrations with threat intel data
providers but two that I have come across recently were not listed (MISP
and Minemeld) so I figured that it would be a good challenge to see if
they could be made to provide data in a...
Recently, a question came from a customer who wanted to know if it was
possible to alert when a new device.ip started logging to RSA
NetWitness. Thinking about it for a second, it seemed like a good test of
a new template that I was testing for ESA. T...
These are a collection of ESA rules that create persisted in-memory
tables for various scenarios. Hopefully they are useful as
well as serve as templates for future ideas. GitHub -
epartington/rsa_nw_esa_whatsnew: collection of ESA rules fo...
Joshua Randall had a recent post that showed how to use the
resourceBundle package to create a custom package for content
I have created an internal ticket to get those either fixed or removed from
the next build. You can disable or remove those context items in the
meantime so they do not confuse any analysts that are attempting to use
you can change them using this path: Admin > System > Context Menu