RSA NetWitness Platform Foundations 11.3

CraigHansen1
on 2016-02-03 09:23 PM

On-demand

To register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

Summary

This foundations course focuses on the core features and functions of the RSA NetWitness Platform for Administrators and Analysts.

 

Overview

This Instructor-Led Training (ILT) course provides a foundational overview of the core components of RSA NetWitness Platform. Students gain insight into the core concepts, uses, functions and features, and gain practical experience by performing a series of hands-on labs.

 

Audience

Anyone new to RSA NetWitness Platform.

 

Duration

3 days (ILT)

 

Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the RSA NetWitness® Platform architecture
  • Describe the NetWitness core components and their functions
  • Describe how metadata is created
  • Differentiate between meta keys, meta values, sessions and events
  • Investigate data using queries and customized displays
  • Filter data using rules
  • Create new meta values using rules and feeds
  • Deploy RSA-provided reports
  • Create alerts using ESA and reporting rules
  • Describe the use of the Endpoint Insights Agent
  • Describe the basic concepts of RSA NetWitness UEBA
  • Create and manage incidents

Course Outline

RSA NetWitness Platform Overview

  • RSA NetWitness Platform components and architecture
  • RSA NetWitness Data
  • RSA NetWitness Interface

Investigation Basics

  • What is metadata?
  • Differentiating between packets and logs
  • Differentiating between data and metadata
  • Customizing the investigation screens
  • Viewing reconstructed events
  • Writing simple and complex queries
  • Describing the purpose of meta key indexing
  • Customizing data and metadata displays
  • Creating data visualizations
  • Creating meta groups
  • Creating custom column groups
  • Using complex queries, drills and views to perform investigations
  • The Context Hub

Refining the Dataset

  • Filtering data with rules
  • Taxonomy concepts for metadata
  • Using Application rules to create new meta
  • Using Correlation rules to create new meta
  • Deploying content from RSA Live to create new meta
  • Describing how parsers populate meta keys
  • Creating feeds
  • Using alerts and metadata to investigate potential threats

Reporting and Alerting

  • Configuring the Reporting Engine and RESPOND
  • Creating reports
  • Creating alerts to identify future threats

Event Stream Analysis

  • Configuring ESA
  • Creating ESA alerts
  • Best practices and approaches

Incident Management and Respond

  • Components of the RESPOND module
  • Viewing alerts and incidents
  • Incident Rules

Endpoint Insights Agent

  • Insight configurations
  • Endpoint investigation
  • Hosts/Files

UEBA Concepts

  • How UEBA works
  • Analyzing logon activity
  • Investigating users
