NetWitness Platform Foundations 11.5

JosephCantor (Employee)

Posted on 2020-12-04 01:05 PM, edited on 2021-08-25 06:04 AM by ElynnKoh (Contributor)

Schedule & Register

Schedule Only

On-demand

 

 

 

 

To register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

Summary

This foundations course focuses on the core features and functions of the RSA NetWitness Platform for Administrators and Analysts.

 

Overview

This classroom training provides a foundational overview of the core components of RSA NetWitness Platform. Students gain insight into the core concepts, uses, functions and features and also gain practical experience by performing a series of hands-on labs.

 

Audience

Anyone new to RSA NetWitness Platform.

 

Duration

3 days (ILT)

 

Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the RSA NetWitness Platform architecture and data flow
  • Describe the platform’s core components and functions
  • Navigate and customize the user interface
  • Describe how metadata is created and stored
  • Describe parsing and indexing concepts
  • Differentiate between meta keys, meta values, and sessions/events
  • Use event views to perform simple analysis
  • Investigate data using queries, pivots and drill points
  • Describe data filtering techniques
  • Create new meta values using rules and feeds
  • Deploy LIVE content
  • Describe the concept of data correlation and the use of ESA
  • Describe Reporting Engine basics
  • Generate alerts with ESA and the Reporting Engine
  • Create and manage incidents in the RESPOND Module
  • Describe Endpoint Insights features and functions
  • Configure the Endpoint Insights Agent and view Endpoint data
  • Describe the role of UEBA
  • Describe Orchestrator concepts

 

Course Outline

RSA NetWitness Platform Overview

  • RSA NetWitness Platform components and architecture
  • RSA NetWitness Data
  • RSA NetWitness Interface

Investigation Basics

  • Investigation views
  • Customizing the investigation screens
  • Viewing events
  • Writing simple and complex queries
  • Meta key indexing
  • Customizing data and metadata displays
  • Creating meta groups
  • Creating custom column groups
  • Performing simple investigations 
  • The Context Hub

Refining the Dataset

  • Filtering data with rules
  • Taxonomy concepts for metadata
  • Using Application rules to create new meta
  • Deploying content from RSA Live 
  • Describing how parsers populate meta keys
  • Creating feeds
  • Using alerts and metadata to investigate potential threats

Reporting Engine Basics

  • Reporting Engine configuration options
  • Deploying reports from RSA Live
  • Creating reports
  • Creating reporting alerts

Event Stream Analysis

  • Configuring ESA
  • Creating an ESA enrichment
  • Creating ESA alerts

Incident Management and Respond

  • Components of the RESPOND view
  • Viewing alerts and incidents
  • Incident Rules

Endpoint Insights Agent

  • Configuring Endpoint Insights
  • Endpoint investigation with Hosts and Files
  • Viewing Endpoint data

UEBA Concepts

  • What is UEBA?
  • UEBA user and entity analysis

Orchestrator Concepts

  • What is Orchestrator?
  • Orchestrator concepts

 
