NetWitness Platform ESA EPL Rules 11.3

CraigHansen1

on 2016-02-04 09:12 PM - edited 4 weeks ago by aymanm2

$200 USD

2,000 Training Credits

Summary

This on-demand learning presents a recommended approach to learning EPL syntax and writing EPL rules to detect threats.

 

Overview

This on-demand learning identifies a best-practice strategy for creating EPL rules and for learning the EPL rule syntax. It uses examples and use cases to illustrate EPL rule concepts, such as streams, constructs, data windows and time constraints.

 

Audience

Anyone interested in using RSA Security Analytics Event Stream Analysis to create EPL rules to help identify suspicious activity.

 

Delivery Type

On-Demand Learning

 

Duration

90 minutes

 

Prerequisite Knowledge/Skills

Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

  • Introduction to the RSA NetWitness Platform
  • RSA NetWitness Platform ESA Fundamentals
  • RSA NetWitness Platform Foundations

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the Esper engine and EPL
  • Describe EPL Rule Types
  • Describe data windows
  • Describe how time is calculated
  • Describe single-value and multi-value meta keys
  • Describe a recommended process for designing and writing EPL rules
  • Describe EPL syntax
  • Use the EPL Online Tool to design and test EPL rules
  • Create EPL rules for specific use cases
  • List the best practices for ESA rules

 

Course Outline

  1. EPL Overview
    • Event Processing Language
    • Esper engine
    • EPL rule types
    • EPL event stream
    • Data windows
    • How time is calculated in ESA
    • Single and multi-valued meta keys
    • EPL rule examples
  2. Writing EPL Rules
    • An effective way to learn EPL
    • Building an EPL library
    • Sample EPL templates
    • Recommended process for creating ESA rules
    • Designing rules checklist
    • Writing and testing rules guidelines
    • ESA meta keys
    • Creating EPL rules
    • Live Rules
    • Using the EPL online tool
  3. EPL Use Cases
    • Techniques for developing and testing EPL rules
    • Videos demonstrating common use cases
  4. Best Practices
    • General best practices
    • Trial rules
    • Best practice by task
    • Writing rules for accuracy
    • Writing rules for performance
    • EPL Caveats

 

 

If you have any questions, please contact your account manager or contact us directly!

 

© 2022 RSA Security LLC or its affiliates. All rights reserved.