This is an Instructor-Led Training class; for On-Demand/Self-Paced, please click here.
This course covers basic NetWitness Platform functionality, introducing the student to foundational aspects of the solution. This is an update to version 11.6.
This course covers NetWitness Platform architecture, data flow, core and enhanced components, metadata concepts, rules, investigation techniques including queries, filtering and pivoting, along with reporting, alerting and incident management. Overviews of Endpoint Insights, Advanced Endpoint, UEBA and NetWitness Orchestrator are also provided. Students will gain insights into using the major features of the platform through a combination of lecture and demonstration, as well as practical hands-on exercises that reinforce the concepts.
Anyone interested in and new to NetWitness Platform.
Duration: 3 days
Introduction to NetWitness Platform on demand learning.
Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.
Upon completion of this training, the student should be able to:
Describe the NetWitness® Platform architecture, core components and functions
Navigate and customize the user interface
Describe how metadata is created and stored
Differentiate between meta keys, meta values, sessions and events
Use event views to perform simple analysis
Investigate data using queries, pivots and drill points
Describe data filtering techniques
Create new meta values using rules and feeds
Deploy LIVE content
Describe Reporting Engine basics
Describe data correlation and ESA
Generate ESA and Reporting alerts
Create and manage incidents
Describe Endpoint Insights and analyze Endpoint meta
Describe the roles of NetWitness UEBA and NetWitness Orchestrator 6.0