
RSA NetWitness Endpoint Foundations 11.4

JosephCantor (Employee)

on ‎2020-04-02 02:43 PM

On-demand

In order to register for a class, you need to first create a Dell Education account.

If you need further assistance, contact us

Summary

This classroom-based training introduces security analysts and administrators to the architecture and toolkit for detecting and investigating risk on endpoint hosts.

 

Overview

This classroom-based training provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.

Audience

Anyone new to RSA NetWitness Endpoint who is interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.

 

Duration

2 days

Recommended Prerequisite Knowledge/Skills

There are no prerequisites, but basic knowledge of malware, networking fundamentals, and general security analysis concepts is recommended.

 

Course Objectives

Upon successful completion of this training, participants should be able to:

  • Describe what RSA NetWitness Endpoint is and what it does
  • Identify architecture components
  • Deploy a new endpoint agent
  • Interpret risk scores and alerts based on endpoint data
  • Explore metadata derived from endpoint scans
  • Customize data types available in the user interface
  • Perform basic file and host analysis
  • Obtain file and memory samples for forensic analysis
  • Identify potentially malicious timestamp mismatches in MFT files

 

Course Outline

Module 1 – Introduction

  • What is RSA NetWitness Platform?
  • What is RSA NetWitness Endpoint?
  • Flagging and Remediation options
  • What is a File?
  • Component Overview
  • Typical Responsibilities
  • Interface Modules
  • RSA Live Content

Module 2 – Architecture

  • Overview of Component Complexity
  • High-level Data Flow
  • Seeing NetWitness Hosts and Services in Interface

Module 3 – Endpoint Agents, Hosts, and Scans

  • Insights vs. Advanced Agents
  • Agent deployment and uninstallation
  • Host view
  • Scheduled and On-Demand Scans
  • Policies, Groups, and Ranks

Module 4 – Risk Scores and Metadata

  • Host and File Risk Scores
  • Viewing & Interpreting Metadata

Module 5 – Files and Libraries

  • File viewing and filtering
  • Global vs. Local views
  • Customize display
  • File status
  • Export global files
  • Reset risk view
  • Certificate view
  • Libraries

Module 6 – Processes, Autoruns & Anomalies

  • Compare Files vs. Processes
  • Processes tree view
  • What are autoruns and anomalies?

Module 7 – Alerts and Incidents

  • Compare Incidents vs. Alerts
  • The Role of Respond
  • Create incidents manually
  • Assign Incident to Analyst

Module 8 – Malicious Behavior & App Rules

  • Threat Models
  • Techniques Detected By App Rules

Module 9 – Forensic Samples

  • Sample types
  • MFT download and Viewer
  • Timestomping Detection
  • Full System Dump
  • Process Dump

 

 

© 2022 RSA Security LLC or its affiliates. All rights reserved.