Content Update (January 13, 2017): Hopefully everybody had a great holiday season! I know we did, and we've been getting some new...
Candygram for Mongo?? (January 10, 2017): Over the last several weeks, the security community has bitten their collective tongues as they watch...
How to upload a .feed file with NwConsole (January 9, 2017): Some threat data vendors provide a compiled .feed file as a potential output for use with RSA...
Context Menu - Investigate IP from DNS (January 3, 2017): This context menu allows a right click pivot from DNS traffic (alias.ip) to any equivalent HTTP...
Threat: GRIZZLY STEPPE (December 30, 2016): The FirstWatch team is constantly tracking various threats and threat actors. As part of their...
2017: time for a wake-up call (December 29, 2016): I am keenly aware that many of us are carrying lots of baggage due to the myriad of 2016 happenings...
Malware - Spectrum - What's involved... (December 23, 2016): This might help illustrate all the components and levers in place to make Malware/Spectrum function...
Using an ESA Rule to run a command on a Windows machine (December 22, 2016): A colleague here at RSA posed an interesting problem so I thought I would share with you how I...
NetWitness Suite 10.6.2/10.6.0/10.5.2 Mixed-mode Upgrade (December 15, 2016): Per request from external teams, I experimented with the NetWitness Suite/Security Analytics 10.6.2...
Context Menu - Microsoft EventID (December 15, 2016): Working with Microsoft EventIDs? Ever use the excellent site Ultimate Windows Security to track...