This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
78% helpful (7/9)

Introduction to the NetWitness Platform

CraigHansen1
Beginner
Beginner

on ‎2016-02-02 09:21 PM - edited on ‎2023-06-16 04:36 PM by Frequent Contributor Frequent Contributor

 

Community Articles (2).png

 

 

Summary

High-level introduction to RSA NetWitness Platform concepts and real-world use case demonstrations.

Access Training
for Customers/Partners

Access Training
for NetWitness Employees

 

Overview

This On-Demand Learning includes the role and fundamental concepts of RSA NetWitness Platform. Threat visibility and analysis capabilities available via such tools as session reconstruction, event and file analysis, and meta keys are discussed, as well as basic architecture and data flow. Another section demonstrates the Platform in action when drawing data from infrastructure logs, network packet capture, and endpoint monitoring.

 

Audience

All NetWitness users and administrators.

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 Minutes

 

Prerequisite Knowledge/Skills

Knowledge of the following is suggested for attending this course:

  • None

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the goals of NW Network, Logs, Endpoint
  • Define new Endpoint policy group
  • Describe the roles of Orchestrator and UEBA
  • Describe the architecture for NW Platform, including decoders, concentrators, the admin server, and ESA
  • Define metadata in the context of NW
  • Define the role and nature of parsers
  • Describe the role of NetWitness Logs for data retention regulatory compliance
  • Define the features of Endpoint Insights and Advanced Endpoint
  • Describe the information available from the Hosts and Files views
  • Define the roles of custom content such as app rules and Berkley Packet Filters 

 

Course Outline

What is NetWitness Platform?

  • 3 primary types of data collection: network, logs, endpoint
  • Core architecture of every deployment
  • Roles of Orchestrator and UEBA

Network

  • Packet capture data flow
  • Investigate > Navigate
  • Session reconstruction from packets
  • What is Meta?
  • What is a parser?

Logs

  • Log capture data flow
  • What is a log parser?
  • Data retention via NW Logs
  • Tiers of data storage

Endpoint

  • Insights vs. Advanced Endpoint
  • Global Hosts & Host Details
  • Global Files view

Data flow & custom content

  • Log data flow example
  • Packet data flow example
  • Endpoint data flow
  • Differentiating filters, rules, parsers, and feeds
  • What does Live Content contain?

If you need further assistance, contact us

Was this article helpful? Yes No
Version history
Last update:
‎2023-06-16 04:36 PM
Updated by:
Frequent Contributor Frequent Contributor
© 2022 RSA Security LLC or its affiliates. All rights reserved.