This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

NetWitness Orchestrator Built on ThreatConnect - Fundamentals

JosephCantor
Employee
Employee

on ‎2020-06-30 09:54 AM - edited on ‎2022-04-29 05:55 AM by Frequent Contributor Frequent Contributor

 This Course is currently undergoing some updates, appreciate your patience as we are working on bringing for you the best training experience.

 

Netwitness-Education-2C (2).png

 

 

 

Access Training
for Customer/Partners

Access Training
for NetWitness Employees

 

 

 

 

If you need further assistance, contact us

 

Summary

This on-demand course provides foundational concepts of the RSA NetWitness Orchestrator (ThreatConnect version). Students will gain insights into the major features of the product via video demonstrations, explanations, and screenshots.

 

Audience

Anyone interested in an overview of the RSA NetWitness Orchestrator solution.

 

Delivery Type
On-Demand Learning


Duration
180 Minutes


Prerequisite Knowledge/Skills

Students should have the following skills or taken the following training prior to attending this course:

N/A

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role, functionality, and analytic approach of RSA NetWitness Orchestrator built on ThreatConnect
  • Perform basic administrative tasks such as adding a new user and updating a cloud-based Playbook
  • Customizing your environment by enabling two-factor authentication, selecting which Indicators and groups are visible, and creating a custom space
  • Browse threat intelligence
  • Interpret and discern between scores for Threat Rating, Confidence, and ThreatAssess
  • Create a basic Workflow, Indicator, and Playbook
  • Interpret and assess the run results of a Playbook
  • Contribute to your organization's pool of knowledge by creating posts and associating your findings with indicators and groups

 

Course Outline

  • Module 1 – RSA NetWitness Orchestrator Overview
    • Describe RSA NetWitness Orchestrator as SOAR and Threat Intelligence solution
    • Describe Analytic Approach and threat model
  • Module 2 – Administration and Customization
    • View our current account profile
    • View available user roles
    • Enable the Collective Analytics Layer
    • Create an admin email message
    • Add a new user
    • Update a cloud-based Playbook
    • Customize displayed results
    • Add a custom Space to host one or more apps
  • Module 3 – Threat Intelligence Basics
    • Browse threat intelligence
    • Describe the ThreatConnect Premium Intelligence Source
    • Interpret Threat Rating, Confidence, and Threat Assess values
  • Module 4 – Workflow, Indicators, and Associations
    • Define terminology of workflow, indicators, and associations
    • View associations and indicators
    • Create a new indicator
  • Module 5 – Playbooks and Automation Basics
    • Describe a Playbook (A reusable chunk of automation)
    • Describe Triggers, Apps, Operators   
    • Perform typical steps for creating a playbook: Enrichment, Investigation, Response, Review
  • Module 6 – Collaboration
    • Enable privacy option for CAL data
    • Create a post and link it to an indicator or other object for future reference
    • Browse intelligence only from a collaborative source

 

If you need further assistance, contact us

 

Was this article helpful? Yes No
Version history
Last update:
‎2022-04-29 05:55 AM
Updated by:
Frequent Contributor Frequent Contributor
© 2022 RSA Security LLC or its affiliates. All rights reserved.