This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

RSA NetWitness Network and Splunk® Integration

ElenaKomarova
Employee
Employee

on ‎2017-01-31 11:48 AM

Access Training

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This on-demand learning describes how to integrate RSA NetWitness Network with Splunk to allow sharing of relevant data between the two products for reporting, alerting and investigation purposes.

 

Overview

This on-demand learning provides students with the knowledge and skills to configure Splunk® Enterprise and RSA NetWitness Network to view security logs in Splunk, view Splunk metatdata in RSA NetWitness Network, link to Splunk data through a context menu, send logs to Splunk via an ESA alert, and send Reporting Engine logs to Splunk.

 

Note: Splunk Enterprise is a registered trademark of Splunk Inc.

Audience

Anyone interested in configuring Splunk

Delivery Type

On-Demand Learning (self-paced eLearning)

Duration

1.5 hours

Prerequisite Knowledge/Skills

Students should have familiarity with RSA NetWitness Network Splunk Enterprise

Learning Objectives

Upon successful completion of this course, participants should be able to:

• Describe the benefits of integration with Splunk

• Describe the integration options

• Create Context Actions to pivot from NetWitness investigations to Splunk

• Forward Security/Audit Logs to Splunk

• Configure Splunk to point to RSA NetWitness

• Forward ESA Alert Syslog Notifications to Splunk

• Forward Security/RE Logs to Splunk

Course Outline

  • Module 1 Integration Overview
    • Benefits of Splunk integration
    • Integration methods
  • Module 2 Creating Context Menus
    • Context action menus in RSA NetWitness Network
    • How to create a context menu action
    • Using a context menu in an investigation
    • Creating a Context Menu Action demonstration
  • Module 3 Configuring Syslog Notification
    • Configuration Splunk as a notification server
    • Viewing security/audit logs in Splunk
    • Configuring Syslog Notification demonstration
  • Module 4 Configuring ESA Alert Notification
    • Set up a TCP collector for Splunk data
    • Configure syslog notification for the Splunk server
    • Configure an ESA alert to send logs to Splunk
    • Configuring ESA Alert Notification demonstration
  • Module 5 Configuring Reporting Engine Logs
    • Set up a TCP collector for Splunk data
    • Create a Reporting Engine output action
    • Create a Reporting rule
    • Configuring Reporting Engine Logs demonstration

Access Training

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

Was this article helpful? Yes No
0 Likes
Version history
Last update:
‎2017-01-31 11:48 AM
Updated by:
Employee
Contributors
© 2022 RSA Security LLC or its affiliates. All rights reserved.