Scheduled and Ad-Hoc ESA Alerts (April 23, 2019): Quite frequently when testing ESA alerts and output options/templates, I have wanted the ability...
Detecting DNS Tunnel Activity in RSA NetWitness (April 22, 2019): Introduction. There are many, many ways to exfiltrate data from a network, but one common way to do...
Understanding and Creating RSA NetWitness Endpoint Alerts in v11.3 (April 21, 2019): The complete overhaul of NW-Endpoint 4.4 into NW-Endpoint 11.3 includes (among many changes) a...
Identifying WireGuard (VPN) Traffic Using RSA NetWitness Network (April 18, 2019): WireGuard is a new open-source VPN protocol used to create point-to-point tunnels. It uses the most...
Detecting Lateral Movement in RSA NetWitness: Smbexec (April 17, 2019): Introduction. Lateral movement is a technique that enables an adversary to access and control remote...
v11.3 Changes to ESA Script Outputs (April 12, 2019): In RSA NetWitness 11.3, one of the behind-the-scenes changes to the platform was moving the script...
Detecting Lateral Movement in RSA NetWitness: Winexe (April 10, 2019): Introduction. Lateral movement is a technique that enables an adversary to access and control remote...
Detecting Lateral Movement in RSA NetWitness: WMI (April 9, 2019): Introduction. Lateral movement is a technique that enables an adversary to access and control remote...
Sigma for your SIEM (April 8, 2019): Over the last year a few trends have emerged in detection ruleset sharing circles. Standards or...
Threat Intel Integration with MISP and Minemeld (April 5, 2019): RSA NetWitness has a number of integrations with threat intel data providers, but two that I have...