This On-Demand training introduces security analysts and executives to the major features of RSA NetWitness Endpoint, including Instant Indicators of Compromise and the Modules and Machines interfaces.
This recorded training course provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.
Anyone new to RSA NetWitness Endpoint interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.
No prerequisite requirements but basic knowledge of malware, networking fundamentals and general security concepts is recommended.
Upon successful completion of this course, participants should be able to:
Discuss what NetWitness Endpoint is and what it does
Identify architecture components
Review malicious modules
Prioritize modules and endpoint machines by apparent threat level
Navigate the NetWitness Endpoint interface to investigate suspicious files and processes