Introduction to MITRE’s ATT&CK™ and Mapping to ESA Rules (August 31, 2018): Introduction to MITRE’s ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for...
Gathering Stats with Salt - BIOS/iDRAC/PERC Edition (August 29, 2018): A recent advisory was sent out for firmware updates to a number of base components in NetWitness. ...
RSA NetWitness Query Syntax Compared to Wireshark Display Filters (August 23, 2018): Wireshark has been around for a long time and the display filters that exist are good reference...
What's on your wire: Anatomy of a new Lua packet parser (August 20, 2018): I was reviewing a packet capture file I had from a recent engagement. In it, the attacker had tried...
Parsing Suricata JSON logs with NW (August 13, 2018): To successfully parse Suricata JSON logs via syslog collector we need to use LUA parser in...
Improving Alerts' Related Links in Respond (August 7, 2018): The Respond Engine in 11.x contains several useful pivot points and capabilities that allow...
New: RSA SecurID Access and RSA NetWitness Integration (August 2, 2018): RSA SecurID Access (Cloud Authentication Service) is an access and authentication platform with a...
What's on your wire: Panning for Gold in OTHER - The story of HL7 (July 23, 2018): Whenever I am on an engagement that involves the analysis of network traffic, my preferred tool of...
11 Reasons to Love RSA NetWitness Platform v11.x (July 20, 2018): If you haven’t seen the new RSA NetWitness Platform, you are missing out. Over the past 12 months,...
How to use non-root user to run root privilege commands in Netwitness server putty (July 10, 2018): This document helps to allow non-root user to run root privilege commands without root password. 1....