RSA Netwitness Suite Log Parser 2.3.99
May 21, 2018
Overview This version will now parse over 1,400 events from the devices, however the parser does...
Content: Http_lua_options updates
May 21, 2018
The Options file for HTTP_lua parser has been updated recently. The latest addition is interesting...
RSA NetWitness Endpoint Insights - Scan Data Reports (Now in RSA Live!)
May 18, 2018
One of the major new features found in RSA NetWitness Platform version 11.1 is RSA NetWitness...
RSA NetWitness Endpoint Content - Dashboards, Meta Groups, ESA Rules
May 18, 2018
One of the major new features found in RSA NetWitness Platform version 11.1 is RSA NetWitness...
Malware Service - Custom Yara for the Doublekill
May 17, 2018
A question came from a customer about a recent 0-day Doublekill (Byte Nibble Obfuscation) yara rule...
Feed: MS Logon Type Description
May 14, 2018
logon.type has been a numeric value for windows logs in RSA NetWitness for a while, but it might...
SynAck Ransomware's Behavior in RSA NetWitness Endpoint
May 14, 2018
A new variant of the SynAck ransomware has been seen in the wild using Process Doppleganging to...
New Text Indexing Features in RSA NetWitness v11.1
May 4, 2018
RSA NetWitness v11.1 introduces powerful new text indexing features to the RSA NetWitness core...
Size Index Bucketing
May 4, 2018
One of the more challenging things to accomplish in the RSA NetWitness core database is querying...
Lua - Mapping MAC to Vendor (Logs/Netflow and Endpoint)
May 2, 2018
Ethernet_oui.lua is a parser that has existed on the packet side for a while to map the MAC address...