Introduction to MITRE's ATT&CK™ and Mapping to ESA Rules (August 31, 2018): Introduction to MITRE's ATT&CK™ Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) for...
Gathering Stats with Salt - BIOS/iDRAC/PERC Edition (August 29, 2018): A recent advisory was sent out for firmware updates to a number of base components in NetWitness. ...
RSA NetWitness Query Syntax Compared to Wireshark Display Filters (August 23, 2018): Wireshark has been around for a long time and the display filters that exist are good reference...
What's on your wire: Anatomy of a new Lua packet parser (August 20, 2018): I was reviewing a packet capture file I had from a recent engagement. In it, the attacker had tried...
Lua - Whitelisting Office365 Traffic (August 14, 2018): Microsoft has been converting customers to O365 for a while; as a result, more and more traffic is...
Parsing Suricata JSON logs with NW (August 13, 2018): To successfully parse Suricata JSON logs via syslog collector we need to use a Lua parser in...
Improving Alerts' Related Links in Respond (August 7, 2018): The Respond Engine in 11.x contains several useful pivot points and capabilities that allow...
New: RSA SecurID Access and RSA NetWitness Integration (August 2, 2018): RSA SecurID Access (Cloud Authentication Service) is an access and authentication platform with a...
What's on your wire: Panning for Gold in OTHER - The story of HL7 (July 23, 2018): Whenever I am on an engagement that involves the analysis of network traffic, my preferred tool of...
What's on your wire: Detect Linux ELF files (July 23, 2018): Servers are attacked every day and sometimes those attacks are successful. There is a lot of...