This classroom-based training introduces security analysts and administrators to the architecture and toolkit for detecting and investigating risk on endpoint hosts.
This classroom-based training provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.
Anyone new to RSA NetWitness Endpoint who is interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.
Recommended Prerequisite Knowledge/Skills
There are no prerequisite requirements, but basic knowledge of malware, networking fundamentals and general security analysis concepts is recommended.
Upon successful completion of this training, participants should be able to:
Describe what RSA NetWitness Endpoint is and what it does
Identify architecture components
Deploy a new endpoint agent
Interpret risk scores and alerts based on endpoint data
Explore metadata derived from endpoint scans
Customize data types available in the user interface
Perform basic file and host analysis
Obtain file and memory samples for forensic analysis
Identify potentially malicious timestamp mismatches in MFT files