This On-Demand training course provides experience using the features and functions of RSA NetWitness Logs & Network to perform forensic analysis on network-based security breaches.
This recorded classroom course provides hands-on experience using RSA NetWitness Logs & Network to identify, investigate and remediate network-based security breaches on your enterprise network. The course consists of about 75% hands-on lab work, following practical use cases from the identification and investigation stages through event reconstruction, damage assessment, and remediation.
Governance, risk, and/or compliance professionals, business owners, or IT personnel who need to automate and streamline existing processes, integrate the RSA Archer platform with third-party systems, or deliver assessments across the enterprise.
Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log and packet traffic to perform analysis on network-based security events.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
RSA NetWitness Logs & Network Foundations
Upon successful completion of this course, participants should be able to:
Build dynamic dashboards to monitor network alerts
Create alerts to populate dashboards
Create alerts to populate meta keys
Use investigation and event reconstruction techniques to reconstruct breach events
Create reports to consolidate alerts across a configurable time period
Create alerts to generate incidents in the Incident Queue
Assign, document, and remediate incidents from within the Incident Queue
Identify, reconstruct, and remediate four sample use cases within the student laboratory SOC environment