NetWitness Community

We are very excited to announce a set of new content specifically designed to take advantage of the release of RSA Security Analytics 10.4 and RSA ECAT 4.0!

One of the major content highlights of the Security Analytics 10.4 release is the addition of NetFlow support. To take advantage this new feature, we’ve created a suite of NetFlow rules and reports that will allow you to collect and correlate flow-based host and protocol statistics. This allows our customers to better detect potentially malicious activity that may not occur underneath the umbrella of a packet or log decoder.

Another highlight of the releases is the deeper integration between RSA ECAT and RSA Security Analytics and the ability for ECAT to utilize RSA Live feeds.  This content release includes a set of correlation rules from Event Stream Analysis (ESA) to integrate endpoint data with log and network data.  Additionally, we have provided a set of new threat detection rules to detect identity abuse and DoS events.

NetFlow

•      New NetFlow reports providing a summary of top talkers, protocols, and applications.

•      New NetFlow alerts triggering on high volume TCP reset events, as well as SYN flood detection.

•      Netflow reports for “First Heard” source and destination IP.

Endpoint detection with RSA ECAT alerts

•      New correlation rules in ESA for detecting malicious end-point activity found by ECAT combined with network activity captured by Security Analytics. Use the power of both tools to gain a broader visibility into your environment and detect compromised hosts.

Threat Detection

•      New correlation rules in ESA rules to identify potential identity abuse and suspicious privileged escalations.

•      ESA rules to identify multiple denial of service techniques.

Regards,

The RSA Advanced SOC Content Team