This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Comment: Free training is great, But it lacks logs

Anonymous
Not applicable

‎2016-08-08 11:28 PM


Hello RSA,

I wanted to offer my feedback on the free NetWitness logs and packets training. The courses are great (the Hunting course in particular) and I certainly learnt a lot, however the one criticism I have is that it focuses on packets and misses anything relating to logs.

I would like to see a bit more about integrating both packet and logs into the one type hunting.

 

Other than that, the training is great.

 

Thanks.

4 REPLIES 4

ArthurCostigan1
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2016-08-09 11:32 AM

Jeremy

 

Thanks for your input.   The free instruction online now is RSA's first step to getting out video content that can help bring customers up to speed faster.  I am sure more will be on the way. 

 

Don't let the lack of training content regarding hunting "combined logs and packets" discourage you from trying "just to see what you find".   When you find something in the "logs" there are usually clues as to where to go in "packets" and visa versa.  I like to setup meta groups and profiles so that i can quickly switch between views to investigate and build queries before returning to a combined view.  Meta groups and profiles also cut down the noise on your Investigator panel and speeds up your queries.  Another item that many people miss is that the report engine can return results quicker in a complex query than the same query run in the UI.  I find myself more and more building complex queries in the reporting engine and then "cutting and pasting" them into the UI query field.

 

Keep digging in.  It's the best way to learn.

 

Regards

 

Art Costigan - RSA Professional Services

DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor

‎2016-08-10 09:19 PM

Jeremy

 

What in particular would you like to see in regards to logs?

 

What did you think was missing?

 

Thanks

 

Dave

0 Likes

Anonymous
Not applicable
In response to DaveGlover

‎2016-08-10 09:30 PM

Hi Dave,

I guess what I'm talking about specifically is the surrounding the 'Hunting' course. It was focused only on Packet.

I'd be interested to see some techniques about how to hunt using logs, and packet and logs.

The hunting course really helped me in getting some ideas about finding the needle in the haystack, but I'd like to learn more about how to augment that with logs.

Cheers,

0 Likes

DaveGlover
Trusted Contributor Trusted Contributor
Trusted Contributor
In response to Anonymous

‎2016-08-10 09:33 PM

Ok understood.  Let me see what I can put together to try and help everyone out.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.