Content - Domains with one UserAgent (June 3, 2018): I leverage many sources to get ideas around spotting anomalies in an environment. One of the...
RSA Netwitness Suite Log Parser 2.3.99 (May 21, 2018): Overview: This version will now parse over 1,400 events from the devices, however the parser does...
Feed: MS Logon Type Description (May 14, 2018): logon.type has been a numeric value for Windows logs in RSA NetWitness for a while, but it might...
SynAck Ransomware's Behavior in RSA NetWitness Endpoint (May 14, 2018): A new variant of the SynAck ransomware has been seen in the wild using Process Doppelgänging to...
New Text Indexing Features in RSA NetWitness v11.1 (May 4, 2018): RSA NetWitness v11.1 introduces powerful new text indexing features to the RSA NetWitness core...
Size Index Bucketing (May 4, 2018): One of the more challenging things to accomplish in the RSA NetWitness core database is querying...
Health & Wellness uses an old IP for connecting to a device - How to Resolve (April 30, 2018): Health and Wellness leverages RabbitMQ to be able to collect the actual status of any components of...
NetWitness Endpoint Column and Meta Groups (11.1 Insights or 11.0/4.4 Meta Integration) (April 25, 2018): Here are a few column and meta groups to help get you started in NW 11.1 for either the free NW...
Slow iDRAC Network Performance (April 23, 2018): If you have done anything on an iDRAC that requires the mounting of an ISO file or some...
Top Level Domain (TLD) Lua Parser for Logs (April 16, 2018): The TLD parser has been updated to now deploy on Log Decoders. The parser looks for the following...