Identifying BITS Uploads and Downloads
March 20, 2017
Part 1: NetWitness for Packets I recently read an article from Microsoft (...
Monitoring Netwitness with Zabbix
March 17, 2017
This post is completely unsupported by RSA Support and indeed RSA, but it might be interesting if...
Investigating Endpoints with NWE Tracking Data
March 10, 2017
There has been a lot of great information published about Sysmon since Mark Russinovich's...
Alerting on Spora ransomware.
March 1, 2017
Spora, a new variant of ransomware recently identified by security researchers, is written with...
What's In Your NetWitness RSA SecurID Identities?
February 28, 2017
The RSA SecurID dashboard allows analysts to monitor specific identities and their behaviors. It...
Using IPMITool to Script iDRAC Configuration
February 28, 2017
When doing several changes at a time on several systems you can use the IPMITool to execute...
Getting to the root host of the problem
February 22, 2017
This came out of a separate discussion but I thought it could be helpful for others. A customer was...
Fileless Infection (and Detection)
February 21, 2017
Fileless infection is a method used to compromise a system without writing any file to disk. This...
Take me to the Shodan - Right Click your way to additional data
February 9, 2017
The RSA Netwitness Suite has a lot of data flowing into it. However, it does not take in...
Magnitude Exploit Kit - Under the Hood
February 9, 2017
Although Rig EK is the dominant one in the market right now, our sources from the RSA FraudAction...