This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • NetWitness Community
  • Blog
  • RSA Live September 2014 Content Annoucement

RSA Live September 2014 Content Annoucement

SethGeftic
SethGeftic Beginner
Beginner
Options
  • Subscribe to RSS Feed
  • Mark as New
  • Mark as Read
  • Bookmark
  • Subscribe
  • Email to a Friend
  • Printer Friendly Page
  • Report Inappropriate Content
‎2014-09-17 12:31 PM

We are very excited to announce a set of new content specifically designed to take advantage of the release of RSA Security Analytics 10.4 and RSA ECAT 4.0!

 

One of the major content highlights of the Security Analytics 10.4 release is the addition of NetFlow support. To take advantage this new feature, we’ve created a suite of NetFlow rules and reports that will allow you to collect and correlate flow-based host and protocol statistics. This allows our customers to better detect potentially malicious activity that may not occur underneath the umbrella of a packet or log decoder.

 

Another highlight of the releases is the deeper integration between RSA ECAT and RSA Security Analytics and the ability for ECAT to utilize RSA Live feeds.  This content release includes a set of correlation rules from Event Stream Analysis (ESA) to integrate endpoint data with log and network data.  Additionally, we have provided a set of new threat detection rules to detect identity abuse and DoS events.

 

NetFlow

•      New NetFlow reports providing a summary of top talkers, protocols, and applications.

•      New NetFlow alerts triggering on high volume TCP reset events, as well as SYN flood detection.

•      Netflow reports for “First Heard” source and destination IP.

 

Endpoint detection with RSA ECAT alerts

•      New correlation rules in ESA for detecting malicious end-point activity found by ECAT combined with network activity captured by Security Analytics. Use the power of both tools to gain a broader visibility into your environment and detect compromised hosts.

 

Threat Detection

•      New correlation rules in ESA rules to identify potential identity abuse and suspicious privileged escalations.

•      ESA rules to identify multiple denial of service techniques.

 

 

Regards,

 

The RSA Advanced SOC Content Team

Labels:
  • Announcements
  • Announcement
  • Content
  • content_announcement
  • ECAT
  • Live
  • NetWitness
  • news
  • NW
  • NWP
  • RSA NetWitness
  • RSA NetWitness Platform
  • security_analytics
0 Likes
Share

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

  • Comment
Latest Articles
  • Agent Tesla: The Information Stealer
  • Threat Analysis: Detecting “Follina” (CVE-2022-30190) RCE Vulnerability with Netwitness Endpoint
  • Introducing NetWitness Vision XDR
  • Introducing NetWitness Platform XDR v12.0
  • Atlassian Confluence Zero-day Vulnerability (0-Zero) CVE-2022-26134: What You Need To Know
  • ‘Follina’ CVE-2022-30190 0-Day: What You Need To Know
  • CVE-2022-1388: BIG-IP iControl REST RCE Vulnerability
  • Ragnar Locker Ransomware: The Rampage Continues…
  • Ransomware Email Attacks: Beware of BazarLoader
  • Detecting Impacket with Netwitness Endpoint
Labels
  • Announcements 54
  • Events 2
  • Features 9
  • Integrations 6
  • Resources 57
  • Tutorials 21
  • Use Cases 21
  • Videos 116
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.