RSA Live July 2014 Content Announcement

ChristinaJasins
‎2014-07-31 10:53 AM

We are pleased to announce the release of our July Content pack for RSA Live! This release continues last month’s focus on providing “at-a-glance” situational awareness. It also expands on our ability to detect both sensitive data leaving the network and potentially dangerous executable payloads.

New reporting capabilities focus on enabling our customers to detect suspicious mail traffic patterns commonly associated with phishing attempts. Lastly, we have released a new parser designed to identify common HTML-based threat indicators.

The above is a subset of the threat detection content we are quietly building behind the scenes to accompany our upcoming 10.4 release of Security Analytics, and it helps set the stage for providing the most advanced threat detection capability on the market today.

Detection of Data Exfiltration

  • New application rules for detecting sensitive data leaving the network via unknown protocols, as well as via common protocols not normally associated with file transfers.

Expanded Reporting

  • Introduction of the Phishing Profile report. This report summarizes data relevant to identifying phishing attempts in the customer environment. In particular, it summarizes HREF header mismatches, mail traffic from top countries by frequency, top email subjects, top email addresses by frequency, and top file extensions of attachments by frequency.
  • Two new reports enhance situational awareness:
    • Top Communicants Report: allows the customer to immediately see the top talkers on their network by country, domain, inbound protocol and outbound protocol.
    • Executables Report: presents instances of all executables detected on the wire. This report is broken into four sections: Executables by Domain, Country, Abnormal executables - Suspicious and Abnormal executables - Warning.

Enhanced Threat Detection

  • A new Lua parser called “HTML_threat”. This parser is designed to detect common HTML threat indicators, such as hidden frames and embedded objects within a web page.

Additional Log Support

  • We’ve created support for two new log sources as well as provided updates to 30 of our existing log sources.