NetWitness Community Blog
RSA Live August 2014 Content Announcement

ChristinaJasins
‎2014-08-18 07:48 AM

We are pleased to announce the release of our August Content pack in RSA Live for Security Analytics! This release continues last month’s focus on illuminating instances of sensitive data leakage and offers content designed to profile host and user activity. We’ll also be introducing our first batch of correlation rules connecting the dots between what SA is seeing “on the wire” and ECAT’s host-based alerts. Last but not least, this release expands our ability to provide our customers with the tools to detect potential identity theft and abuse.

Detection of Data Exfiltration

  • Introducing new Application rules, ESA rules, and Reports for detecting large outbound connections to cloud services, 3rd party mailers, and common posting sites. Also included is detection content to help customers identify instances of internal data harvesting and subsequent posting to cloud drive services.

ECAT & Security Analytics

  • ECAT does an excellent job of detecting advanced threats affecting a host. To complement that detection ability, this release adds a set of ESA rules that look at both ECAT alerts and a protected host’s activity on the network. This builds a foundation for providing an unparalleled level of insight into the stealthiest of advanced threats. New are four ESA rules for correlating ECAT alerts with:

    • Core Botnet alerting
    • Beaconing activity
    • Audit log clearing
    • Suspicious encrypted traffic

Identity

  • As identity theft, fraud, and abuse escalate to the top of our customers’ concerns, new content is being developed to help detect unauthorized, abusive, or fraudulent user activity occurring on their networks. Identity content includes:

    • 2 ESA rules for detecting unusual administrative activity and suspicious account removal
    • 3 Reports for summarizing user account activity, privileged account activity, and all activity associated with a particular user list

Additional Log Support

  • Support for Cisco Meraki and SafeNet HSM platforms as well as updated support for 2 new and 28 updates