On-demand
In order to register for a class, you need to first create a Dell Education account
If you need further assistance, contact us
Summary
This foundations course focuses on the core features and functions of the RSA NetWitness Platform for Administrators and Analysts.
Overview
This Instructor-Led Training (ILT) course provides a foundational overview of the core components of the RSA NetWitness Platform. Students gain insight into the core concepts, uses, functions and features, and also gain practical experience by performing a series of hands-on labs.
Audience
Anyone new to RSA NetWitness Platform.
Duration
3 days (ILT)
Prerequisite Knowledge/Skills
Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.
Course Objectives
Upon successful completion of this course, participants should be able to:
- Describe the RSA NetWitness® Platform architecture
- Describe the NetWitness core components and their functions
- Describe how metadata is created
- Differentiate between meta keys, meta values, sessions and events
- Investigate data using queries and customized displays
- Filter data using rules
- Create new meta values using rules and feeds
- Deploy RSA-provided reports
- Create alerts using ESA and reporting rules
- Describe the use of the Endpoint Insights Agent
- Describe the basic concepts of RSA NetWitness UEBA
- Create and manage incidents
Course Outline
RSA NetWitness Platform Overview
- RSA NetWitness Platform components and architecture
- RSA NetWitness Data
- RSA NetWitness Interface
Investigation Basics
- What is metadata?
- Differentiating between packets and logs
- Differentiating between data and metadata
- Customizing the investigation screens
- Viewing reconstructed events
- Writing simple and complex queries
- Describing the purpose of meta key indexing
- Customizing data and metadata displays
- Creating data visualizations
- Creating meta groups
- Creating custom column groups
- Using complex queries, drills and views to perform investigations
- The Context Hub
Refining the Dataset
- Filtering data with rules
- Taxonomy concepts for metadata
- Using Application rules to create new meta
- Using Correlation rules to create new meta
- Deploying content from RSA Live to create new meta
- Describing how parsers populate meta keys
- Creating feeds
- Using alerts and metadata to investigate potential threats
Reporting and Alerting
- Configuring the Reporting Engine and RESPOND
- Creating reports
- Creating alerts to identify future threats
Event Stream Analysis
- Configuring ESA
- Creating ESA alerts
- Best practices and approaches
Incident Management and Respond
- Components of the RESPOND module
- Viewing alerts and incidents
- Incident Rules
Endpoint Insights Agent
- Insight configurations
- Endpoint investigation
- Hosts/Files
UEBA Concepts
- How UEBA works
- Analyzing logon activity
- Investigating users