This classroom-based training introduces security analysts and executives to the major features of RSA NetWitness Endpoint, focusing on Advanced Endpoint functionality introduced in RSA NetWitness Platform 11.3.
This training provides a general introduction to RSA NetWitness Endpoint, including architecture and data flow, analysis workflow and interface, as well as characteristics of malicious files and behavior. The two days consist of about 50% lecture and 50% hands-on lab work in a virtual environment.
Anyone new to RSA NetWitness Endpoint interested in increasing their familiarity with the tool’s analysis and admin functionality. Familiarity with other RSA NetWitness Platform tools is recommended.
Recommended Prerequisite Knowledge/Skills
RSA NetWitness Platform Foundations or equivalent knowledge
Basic knowledge of malware, networking fundamentals and general security concepts.
Upon successful completion of this training, participants should be able to:
Define what NetWitness Endpoint is and what it does
Identify architecture components
Triage assessment of potentially malicious files and hosts by risk score
Navigate the NetWitness Endpoint interface to investigate suspicious files and processes
Customize the Endpoint interface
Perform basic threat assessment in context of NetWitness metadata