Detecting Ismdoor variants using RSA NetWitness February 3, 2017 Ismdoor is a remote access Trojan used by the Greenbug cyberespionage group against different...
ArcSight ESM - RSA NetWitness Suite Integration Guide February 3, 2017 The 'NetWitness-ArcSight_Integrations' Zipped archive will contain documentation, required...
Detecting Rare Windows Processes February 2, 2017 After reading through a few SANS resources, I came across some interesting topics regarding the...
RIG EK - Chronology of an Exploit Kit February 1, 2017 One of the most well-known exploit kits in the crimeware underground marketplaces, clearly...
Logs - Collecting Windows Events with WEC January 30, 2017 A customer had asked me if it was possible to collect logs centrally using WEC (Windows Event...
Logs - New Windows Security Event IDs January 27, 2017 Looks like Windows 10 has introduced some new Security event IDs as well as modified the content...
Script to Compile SA Inventory and Configuration Information (SA_Enviro_Check.sh) January 27, 2017 UPDATED 2-1-2017 to Version 0.4 Changelog: 1-20-2017 (0.2) : Added capability to auto-populate all...
Threat Detection - Update (Jan 2017) January 25, 2017 If you didn't catch Saket's update about Log Parsers, be sure to look at all the improvements they...
Log Parser Improvements - Update (Jan 2017) January 24, 2017 The RSA Live Content team has published updates for 6 more Log Parsers that generate the largest...