This is an Instructor-Led Training class; for On-Demand/Self-Paced, please click here.
This training introduces security analysts and administrators to the architecture and toolkit for detecting and investigating risk on endpoint hosts. This is an update to version 11.6.
This 2-day course consists of lecture/discussion and lab exercises intended to lay the foundations of your understanding of NetWitness Endpoint.
The intended audience is anyone performing security monitoring, hunting, and analysis with NetWitness Endpoint; anyone serving as admin or content creator for NetWitness Endpoint will also benefit. It supplements the NetWitness Platform Foundations and NetWitness Admin I courses.
Anyone new to NetWitness Endpoint interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.
Duration: 2 days
Basic familiarity with NetWitness Platform 11.x (recommended)
Familiarity with typical incident response processes (recommended)
Basic knowledge of malware, networking fundamentals and general security analysis concepts is recommended.
Upon completion of this training, the student should be able to:
Enable/Disable a data retention policy
Define new Endpoint policy group
Configure the NetWitness Endpoint Log Hybrid
Create packager and deploy Endpoint agent
Scan endpoint host and evaluate results
Interpret host and file risk scores
Customize Endpoint data display
Analyze a process, including parent and child processes