This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
  • NetWitness Community
  • NetWitness Education
  • Courses
  • NetWitness Orchestrator Built on ThreatConnect - Fundamentals
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content
No ratings

NetWitness Orchestrator Built on ThreatConnect - Fundamentals

JosephCantor
Employee JosephCantor
Employee
Options
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

on ‎2020-06-30 09:54 AM - edited on ‎2022-04-29 05:55 AM by Occasional Contributor aymanm2 Occasional Contributor

❗ This Course is currently undergoing some updates, appreciate your patience as we are working on bringing for you the best training experience.

 

Netwitness-Education-2C (2).png

 

 

 

Access Training
for Customer/Partners

Access Training
for NetWitness Employees

 

 

 

 

If you need further assistance, contact us

 

Summary

This on-demand course provides foundational concepts of the RSA NetWitness Orchestrator (ThreatConnect version). Students will gain insights into the major features of the product via video demonstrations, explanations, and screenshots.

 

Audience

Anyone interested in an overview of the RSA NetWitness Orchestrator solution.

 

Delivery Type
On-Demand Learning


Duration
180 Minutes


Prerequisite Knowledge/Skills

Students should have the following skills or taken the following training prior to attending this course:

N/A

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role, functionality, and analytic approach of RSA NetWitness Orchestrator built on ThreatConnect
  • Perform basic administrative tasks such as adding a new user and updating a cloud-based Playbook
  • Customizing your environment by enabling two-factor authentication, selecting which Indicators and groups are visible, and creating a custom space
  • Browse threat intelligence
  • Interpret and discern between scores for Threat Rating, Confidence, and ThreatAssess
  • Create a basic Workflow, Indicator, and Playbook
  • Interpret and assess the run results of a Playbook
  • Contribute to your organization's pool of knowledge by creating posts and associating your findings with indicators and groups

 

Course Outline

  • Module 1 – RSA NetWitness Orchestrator Overview
    • Describe RSA NetWitness Orchestrator as SOAR and Threat Intelligence solution
    • Describe Analytic Approach and threat model
  • Module 2 – Administration and Customization
    • View our current account profile
    • View available user roles
    • Enable the Collective Analytics Layer
    • Create an admin email message
    • Add a new user
    • Update a cloud-based Playbook
    • Customize displayed results
    • Add a custom Space to host one or more apps
  • Module 3 – Threat Intelligence Basics
    • Browse threat intelligence
    • Describe the ThreatConnect Premium Intelligence Source
    • Interpret Threat Rating, Confidence, and Threat Assess values
  • Module 4 – Workflow, Indicators, and Associations
    • Define terminology of workflow, indicators, and associations
    • View associations and indicators
    • Create a new indicator
  • Module 5 – Playbooks and Automation Basics
    • Describe a Playbook (A reusable chunk of automation)
    • Describe Triggers, Apps, Operators   
    • Perform typical steps for creating a playbook: Enrichment, Investigation, Response, Review
  • Module 6 – Collaboration
    • Enable privacy option for CAL data
    • Create a post and link it to an indicator or other object for future reference
    • Browse intelligence only from a collaborative source

 

If you need further assistance, contact us

 

  • 11.4
  • Admin
  • Ed Services
  • education
  • Education Services
  • english
  • free
  • fundamentals
  • Getting Started
  • incident responder
  • logs & network
  • logs and packets
  • NetWitness
  • NetWitness Orchestrator
  • netwitness training
  • NW
  • NWO
  • NWP
  • orchestrator by threatconnect
  • Product Training
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA NetWitness Training
  • RSA University
  • RSAU
  • threat hunter
  • training
  • Training Course
  • ueba
Was this article helpful? Yes No
2 Likes
Share
Version history
Last update:
‎2022-04-29 05:55 AM
Updated by:
Occasional Contributor aymanm2 Occasional Contributor
Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.