This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

RSA NetWitness Logs & Network Troubleshooting ESA EPL Rules

CraigHansen1
Beginner
Beginner

on ‎2016-02-04 09:48 PM

Access Training

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This on-demand learning will enable you to troubleshoot RSA NetWitness Logs & Network Event Stream Analysis (ESA) Rules.

 

Overview

This self-paced on-demand learning will improve your understanding of how to troubleshoot RSA NetWitness Logs & Network Event Stream Analysis (ESA) rules. While troubleshooting ESA in general is an important skill, the #1 issue in the field is troubleshooting ESA rules in particular. With "just show me" videos, this course addresses the most common reasons that rules don't work. It first discusses ways to determine whether or not it is a "rule issue." It outlines the most common “rule issues" and provides approaches to resolving them. The course continues with tips, tricks, and tools for troubleshooting rules and general strategies for working with rules. It also will help you avoid some common "Gotchas." The content is designed for troubleshooting the 10.x versions of the product.

 

Audience

Anyone interested in troubleshooting ESA EPL rules


Delivery Type
On-Demand Learning

 

Duration

1.5 hours

 

Prerequisite Knowledge/Skills

Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe basic-practices for troubleshooting SA ESA rules
  • After viewing “just show me” style videos, identify where to go, what to look for, and a common methods for resolving common issues with ESA rules
  • Describe tips and tricks to avoid common misconfigurations

 

Course Outline

  1. Introduction
    • Narrow down ESA troubleshooting to “Rule Issues”
    • Cursory Considerations for Rule oriented issues
    • Cross-site Correlation
  2. Types of ESA Rules Issues
    • Issues Downloading Published Content
    • Missing Required Meta
    • Rules Not Able to Synchronize
    • Syntax Errors
    • Too Many Alerts
    • Memory Issues from Poorly Written Rules
    • Meta Value Case-Sensitivity
    • Time Window Issues
    • Misuse of Order and Memory
    • Problems Getting Alerts – and Storage High
    • Issues involving Too Many Events
  3. Summary
  4. Assessment
  5. Course Evaluation

 

 

 

 

Access Training

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

Was this article helpful? Yes No
0 Likes
Version history
Last update:
‎2016-02-04 09:48 PM
Updated by:
Beginner
Contributors
© 2022 RSA Security LLC or its affiliates. All rights reserved.