Kerberos Log Event Oddities December 2, 2016 [Updated with a 4th use case around NTLM failed authentications with unusual failure codes...
What kind of meta is generated for commodity malware? November 30, 2016 Every week RSA FirstWatch collects hundreds of indicators of compromise from running different...
NEW Hunting Guide & Investigation Model November 30, 2016 The new Investigation Data Model (community.rsa.com/docs/DOC-62313) and Hunting Pack (...
Hunting & Investigation Charts November 28, 2016 If you haven't yet deployed the content behind the new Hunting Pack and Investigation Model, go...
LUA Parser to Extract Query Execute Time November 25, 2016 Building on the excellent work in Security Analytics Log Parser 2.1.63.zip I had a minor...
Filtering F5 UDP Syslog Health Checks November 25, 2016 If you happen to have F5 LTM providing balancing or HA in front of your VLC for syslog messages...
Looking behind the curtain. How RSA Netwitness Packets and Endpoint see a Cerber Ransomware compromise November 23, 2016 *** Warning: the sites referenced contain live exploit kits and malware. As always, please exercise...
SFTP Agent Automation Script -- IIS -- agentConfCreator.ps1 November 22, 2016 Updated: Added another script that you can run directly on the IIS box and it will spit out the...
Critical Start Threat Analytics Plugin Configuration Guide November 18, 2016 Hi Everyone, The Threat Analytics Search Plugin for Google Chrome is a plugin that has been made by...
Detecting a Dyzap variant using RSA NetWitness November 18, 2016 Dyzap is an information stealer that has been around for a while. The malware has the ability to...