Using RSA NetWitness to Detect Command and Control: PoshC2 v5.0
December 2, 2019
Command and Control platforms are constantly evolving. In one of my previous blog posts, I detailed...

Detecting a MuddyWater APT using the RSA NetWitness Platform
November 21, 2019
MuddyWater is a state-sponsored threat group suspected to be linked to Iran. It has...

Detection of an APT33 Attack using RSA NetWitness
November 17, 2019
APT33 is a state-sponsored group suspected to be linked to Iran. It has been active since 2013 and...

RSA NetWitness - Log Parser Rules (Dynamic Rules)
November 4, 2019
Documentation Link: Log Parsing Customization Guide for RSA NetWitness Platform 11.x - Table of...

RSA NetWitness - Meta Entity
October 31, 2019
The video covers the concepts and uses of a NetWitness feature called "Meta Entity". Accompanying...

Contextualizing JA3 Fingerprints
October 13, 2019
19DEC2019 Update: Modified the original ESA rule (ja3context.txt) with additional/better logic to...

ESA Notification script broken in version 10.6.6.1
October 12, 2019
If you use notification scripts as part of your ESA rules and recently migrated to version 10.6.6.1...

A new RSA NetWitness® Platform 11.3 documentation page is live!
October 7, 2019
Today RSA Link implemented a new way of presenting documentation to help RSA NetWitness® Platform...

Introducing the new Engineering Requests dashboard in the RSA Case Management portal
October 3, 2019
One of the biggest commitments we at RSA make to our customers is to provide best-in-class security...

Recover forgotten root password on CentOS 7
September 26, 2019
Change Note: The attached script for changing passwords across all NetWitness hosts has been...