This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
  • NetWitness Community
  • NetWitness Education
  • Courses
  • Introduction to the NetWitness Platform
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content
34% helpful (1/3)

Introduction to the NetWitness Platform

CraigHansen1
CraigHansen1 Beginner
Beginner
Options
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

on ‎2016-02-02 09:21 PM - edited 3 weeks ago by Occasional Contributor aymanm2 Occasional Contributor

 

Netwitness-Education-2C (2).png

 

Access Training
for Customers/Partners

Access Training
for NetWitness Employees

 

 

 

 

FREE

 

 

Summary

High-level introduction to RSA NetWitness Platform concepts and real-world use case demonstrations.

 

Overview

This On-Demand Learning includes the role and fundamental concepts of RSA NetWitness Platform. Threat visibility and analysis capabilities available via such tools as session reconstruction, event and file analysis, and meta keys are discussed, as well as basic architecture and data flow. Another section demonstrates the Platform in action when drawing data from infrastructure logs, network packet capture, and endpoint monitoring.

 

Audience

All NetWitness users and administrators.

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 Minutes

 

Prerequisite Knowledge/Skills

Knowledge of the following is suggested for attending this course:

  • None

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the goals of NW Network, Logs, Endpoint
  • Define new Endpoint policy group
  • Describe the roles of Orchestrator and UEBA
  • Describe the architecture for NW Platform, including decoders, concentrators, the admin server, and ESA
  • Define metadata in the context of NW
  • Define the role and nature of parsers
  • Describe the role of NetWitness Logs for data retention regulatory compliance
  • Define the features of Endpoint Insights and Advanced Endpoint
  • Describe the information available from the Hosts and Files views
  • Define the roles of custom content such as app rules and Berkley Packet Filters 

 

Course Outline

What is RSA NetWitness Platform?

  • 3 primary types of data collection: network, logs, endpoint
  • Core architecture of every deployment
  • Roles of Orchestrator and UEBA

Network

  • Packet capture data flow
  • Investigate > Navigate
  • Session reconstruction from packets
  • What is Meta?
  • What is a parser?

Logs

  • Log capture data flow
  • What is a log parser?
  • Data retention via NW Logs
  • Tiers of data storage

Endpoint

  • Insights vs. Advanced Endpoint
  • Global Hosts & Host Details
  • Global Files view

Data flow & custom content

  • Log data flow example
  • Packet data flow example
  • Endpoint data flow
  • Differentiating filters, rules, parsers, and feeds
  • What does Live Content contain?

If you need further assistance, contact us

  • 11.4
  • 11.5
  • 11.x
  • Admin
  • Administration
  • Configuration
  • content expert
  • data privacy officer
  • Ed Services
  • education
  • Education Services
  • english
  • expanding
  • free
  • free on-demand learning
  • Getting Started
  • incident responder
  • intro
  • introduction
  • introduction to the rsa netwitness platform
  • log and packets
  • logs & network
  • logs and packets
  • NetWitness
  • netwitness navigator
  • NetWitness Platform
  • netwitness training
  • Network
  • NW
  • NWP
  • on demand learning
  • on demand training
  • on-demand
  • on-demand learning
  • Platform
  • Product Training
  • rsa
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA NetWitness Training
  • RSA University
  • RSAU
  • soc manager
  • the
  • threat hunter
  • to
  • to the rsa netwitness platform
  • training
  • Training Course
  • trobuleshooting
  • university
Was this article helpful? Yes No
9 Likes
Share
Version history
Last update:
3 weeks ago
Updated by:
Occasional Contributor aymanm2 Occasional Contributor
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.