2022-07-04 09:49 AM - edited 2024-10-24 07:48 AM
Summary
This course covers basic NetWitness Platform functionality, introducing the student to foundational aspects of the solution.
Audience
Anyone interested in and new to NetWitness Platform.
Duration: 3 days
Prerequisite Knowledge/Skills:
Introduction to NetWitness Platform on demand learning
Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.
$3,465 USD ⁓ 3,000 Training Credits
Delivery Types:
This course is delivered in 2 Modalities:
● Virtual - Instructor Led Training (VILT) v12.4
● On-Demand Classroom (ODC) v12.4 (Select related version to access training)
Course Overview
This course covers NetWitness Platform architecture, data flow, core and enhanced components, metadata concepts, rules, investigation techniques including queries, filtering and pivoting, along with reporting, alerting and incident management. Overviews of Endpoint Insights, Advanced Endpoint, UEBA and NetWitness Orchestrator are also provided. Students will gain insights into using the major features of the platform through a combination of lecture and demonstration, as well as practical hands-on exercises that reinforce the concepts.
NetWitness Platform Foundations version 12.4
Course Objectives
Upon successful completion of this course, participants should be able to:
● Recognize how NetWitness Platform provides visibility across your infrastructure and utilizes data collected from different sources.
● Utilize the NetWitness Platform investigation capabilities to reconstruct events effectively.
● Refine investigation outcomes by applying filtering techniques manageable through Centralized Content Management (CCM) to create a focused dataset.
● Describe and utilize the Reporting Engine and the NetWitness Event Stream Analysis (ESA).
● Identify and utilize various methods to create and manage incidents and alerts.
● Configure and analyze Endpoint agents and Endpoint meta.
● Describe the roles of NetWitness User and Entity Behavior Analytics (UEBA) and Orchestrator.
Version Highlights:
● Introducing the Centralized Content Management (CCM) feature and how to use it to control your content.
● Introducing the new ESA Unified Deployments Page and how to navigate it.
● Enriching the Springboard with a custom private board and the ability to create a Springboard from a query.
● Extending the Analyst interaction with incidents by being able to export incident data, which includes original or normalized alerts.
Course Outline
Module 1: NetWitness Platform Overview
Module 2: Investigation Basics
Module 3: Refining the Dataset
Module 4: Reporting Engine Basics
Module 5: Event Stream Analysis (ESA)
Module 6: Incident Management and Respond
Module 7: NetWitness Endpoint Insights Agent
Module 8: NetWitness UEBA Concepts
Module 9: NetWitness Orchestrator
If you have any questions, please contact your account manager or Contact Us directly!