This is an Instructor-Led Training class; an On-Demand/Self-Paced version is also available.
This course presents a recommended process for responding to incidents using NetWitness Platform analysis tools and techniques. Students practice the techniques and process by working through a series of use cases. This is an update to version 11.6.
This course covers how to use the NetWitness 11.6 platform, including logs, packets and Advanced Endpoint, to respond to incidents by investigating incidents in the queue, documenting incidents, and escalating or closing incidents.
Students will use NetWitness Platform Investigation features to analyze incidents using a recommended process.
Level 1 and Level 2 analysts relatively new to NetWitness Platform, who wish to increase their familiarity with the tool’s features and functions within the context of incident response and analysis.
Students should have familiarity with the basic processes of cybersecurity analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events.
Upon completion of this training, the learner should be able to:
Identify Analyst roles and SOC models
Describe incident types and methods to prioritize incidents
Describe the Incident Response process
Use tools and methods to filter data and enhance the dataset
Use analysis tools and interfaces to perform incident response
Describe the Investigative Methodology
Describe a systematic approach to investigate metadata
Identify types of threats
Use the incident response process, the investigative methodology and tools to investigate multiple use cases using packets, logs and endpoint
Module 1: Analysis Tools and Processes
Module 2: Investigating Metadata
Module 3: Analysis Use Cases
If you have any questions, please contact your account manager or contact us directly!