This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
34% helpful (1/3)

Introduction to the NetWitness Platform

CraigHansen1
Beginner
Beginner

on ‎2016-02-02 09:21 PM - edited 3 weeks ago by Occasional Contributor Occasional Contributor

 

Netwitness-Education-2C (2).png

 

Access Training
for Customers/Partners

Access Training
for NetWitness Employees

 

 

 

 

FREE

 

 

Summary

High-level introduction to RSA NetWitness Platform concepts and real-world use case demonstrations.

 

Overview

This On-Demand Learning includes the role and fundamental concepts of RSA NetWitness Platform. Threat visibility and analysis capabilities available via such tools as session reconstruction, event and file analysis, and meta keys are discussed, as well as basic architecture and data flow. Another section demonstrates the Platform in action when drawing data from infrastructure logs, network packet capture, and endpoint monitoring.

 

Audience

All NetWitness users and administrators.

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 Minutes

 

Prerequisite Knowledge/Skills

Knowledge of the following is suggested for attending this course:

  • None

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the goals of NW Network, Logs, Endpoint
  • Define new Endpoint policy group
  • Describe the roles of Orchestrator and UEBA
  • Describe the architecture for NW Platform, including decoders, concentrators, the admin server, and ESA
  • Define metadata in the context of NW
  • Define the role and nature of parsers
  • Describe the role of NetWitness Logs for data retention regulatory compliance
  • Define the features of Endpoint Insights and Advanced Endpoint
  • Describe the information available from the Hosts and Files views
  • Define the roles of custom content such as app rules and Berkley Packet Filters 

 

Course Outline

What is RSA NetWitness Platform?

  • 3 primary types of data collection: network, logs, endpoint
  • Core architecture of every deployment
  • Roles of Orchestrator and UEBA

Network

  • Packet capture data flow
  • Investigate > Navigate
  • Session reconstruction from packets
  • What is Meta?
  • What is a parser?

Logs

  • Log capture data flow
  • What is a log parser?
  • Data retention via NW Logs
  • Tiers of data storage

Endpoint

  • Insights vs. Advanced Endpoint
  • Global Hosts & Host Details
  • Global Files view

Data flow & custom content

  • Log data flow example
  • Packet data flow example
  • Endpoint data flow
  • Differentiating filters, rules, parsers, and feeds
  • What does Live Content contain?

If you need further assistance, contact us

Was this article helpful? Yes No
Version history
Last update:
3 weeks ago
Updated by:
Occasional Contributor Occasional Contributor
© 2022 RSA Security LLC or its affiliates. All rights reserved.