This on-demand learning presents adaptive techniques for security teams proactively seeking to detect, understand, and disrupt coordinated intrusions with RSA NetWitness Endpoint.
This self-paced on-demand learning presents techniques prescribed by security analysts for employing RSA NetWitness Endpoint to locate sophisticated targeted attacks. Finding known malware and obviously malicious behavior is easy with this tool’s Instant Indicators of Compromise, but sophisticated intrusions can be far more challenging. Indicators of specific exploits and threats, such as common keylogging techniques, are detailed.
Security analysts using RSA NetWitness Endpoint to locate suspicious files, processes, and activity on an organization’s endpoint computers.
Delivery Type: On-Demand Learning (self-paced eLearning)
Duration: 2 hours
Students should have completed the RSA NetWitness Endpoint Fundamentals course prior to viewing this course. Experienced analysts with at least six months of real-world security analysis using NetWitness Endpoint are the recommended audience.
Upon successful completion of this course, participants should be able to:
Request a scan and interpret the results
Perform file analysis without alerting adversaries
Evaluate threats based on frequency of file occurrence
Customize an Instant Indicator of Compromise
Create a custom YARA rule to adapt the hunting technique to the latest indicators
Use behavior filters to identify new threats
Review key Instant Indicators of Compromise
Obtain and analyze the MFT file from an endpoint system
Establish a timeline based on the most trusted timestamps