This On-Demand Learning course covers the role and fundamental concepts of the RSA NetWitness Platform. It discusses the threat visibility and analysis capabilities available through tools such as session reconstruction, event and file analysis, and meta keys, as well as the basic architecture and data flow. A further section demonstrates the Platform in action as it draws data from infrastructure logs, network packet capture, and endpoint monitoring.
All NetWitness users and administrators.
On-Demand Learning (self-paced eLearning)
Knowledge of the following is suggested for attending this course:
Upon successful completion of this course, participants should be able to:
Describe the goals of NW Network, Logs, and Endpoint
Define new Endpoint policy group
Describe the roles of Orchestrator and UEBA
Describe the architecture for NW Platform, including decoders, concentrators, the admin server, and ESA
Define metadata in the context of NW
Define the role and nature of parsers
Describe the role of NetWitness Logs for data retention regulatory compliance
Define the features of Endpoint Insights and Advanced Endpoint
Describe the information available from the Hosts and Files views
Define the roles of custom content such as app rules and Berkeley Packet Filters
What is NetWitness Platform?
3 primary types of data collection: network, logs, endpoint
Core architecture of every deployment
Roles of Orchestrator and UEBA
Packet capture data flow
Investigate > Navigate
Session reconstruction from packets
What is Meta?
What is a parser?
Log capture data flow
What is a log parser?
Data retention via NW Logs
Tiers of data storage
Insights vs. Advanced Endpoint
Global Hosts & Host Details
Global Files view
Data flow & custom content
Log data flow example
Packet data flow example
Endpoint data flow
Differentiating filters, rules, parsers, and feeds