on 2016-10-04 12:11 AM
In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us
Summary
This on-demand lab reviews the proper initial configuration steps and settings for RSA NetWitness Logs and Packets. Students are then presented with a sub-optimal environment, in which they identify the “underperforming” modules and fine-tune the environment.
Overview
This self-paced on-demand lab presents the proper initial configuration steps and settings for RSA NetWitness Logs and Packets. It describes an optimal configuration of RSA NetWitness Logs and Packets that allows for increased performance. Lab exercises provide students with the ability to practice what they have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.
Audience
Anyone interested in tuning their RSA NetWitness Logs and Packets environment for optimal performance
Delivery Type
On-Demand Lab
Duration
1 hour course and 2 hour lab
Note: RSA University’s on-demand lab environment is provided for 10 hours of overall practice time over a 14-day period.
Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document Access RSA University Virtual Labs, available on the RSA University site: RSA University Content.
Prerequisite Knowledge/Skills
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
Learning Objectives
Upon successful completion of this course, participants should be able to:
Course Outline
Module 1: Pre-Configuration Procedures
Utilize a checklist of procedures
Map out your environment before deploying RSA NetWitness Logs and Packets
Understand the architecture and how it will affect the deployment
Module 2: Post Install Configuration
Configure Proxy Server settings
Create and configure an RSA Live account
Check for software updates
Configure Security Settings
Module 3: Deploy the Right Content
Identify and deploy the proper parsers
Determine and deploy the proper feeds
Module 4: Capture and Aggregation Settings
Configure capture settings on both Decoders
Configure aggregation settings on the Concentrator
Add additional Log Collectors
Module 5: Utilize Filtering and Truncation
Filter unnecessary data from your data set
Describe the reasons for filtering
Define data for filtering
Identify types of filtering rules, including:
o Berkeley Packet Filters
o Network Rules
Module 6: Troubleshoot Investigation Queries
Define the ways to query a data set
Identify best practices when querying
Illustrate an example of an effective query
Exercise 1: Where to Start?
Searching for misplaced content
Packet parsers and log decoders
Basic correlation rules
Mixed application rules
Exercise 2: Content Cleanup
Saving custom content
Deleting deployed content
Deploying standard installation content
Creating new customer content
Removing outdated content
Clearing subscriptions
Exercise 3: System Review
Reviewing needed parsers & feeds
Cleaning up application rules
Adding truncation rules as needed
Final system check