This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Education Courses
No ratings

RSA NetWitness Platform Content Creation 11.3

ConnorMccarthy
Beginner
Beginner

on ‎2017-10-30 02:55 PM

On-Demand

 

In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us

Summary

This instructor-led course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform.

 

Overview

This course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform. Students will benefit from both lecture and hands-on lab exercises using a virtual environment to practice the techniques learned in class.

 

Audience

Anyone interested in creating content in RSA NetWitness to highlight and discover potential threats

 

Duration

2 days

 

Prerequisite Knowledge/Skills

Student should have completed or have comparable knowledge to what is provided in the following course:

RSA NetWitness Platform Foundations

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Identify what content to use when
  • Describe the data model and process flow
  • Describe how to optimize content for performance and results
  • Monitor the performance of parsers
  • Create content for specific use cases
  • Create content from LIVE and other sources, such as STIX feeds
  • Create content using a recommended process
  • Create an alert taxonomy
  • Use reports to test the efficacy of rules
  • Create content for current threats
  • Whitelist normal traffic and false positives

 

Course Outline

Content Overview

  • Content types
  • When and how to use content
  • Data model
  • Data process flow
  • Performance considerations
  • Monitoring performance of alerts and parsers
  • Context menus
  • Content resources

Creating Content

  • Creating rules and alerts
  • Creating feeds and lists
  • Creating parsers

Deploying Content from Other Sources

  • LIVE content
  • STIX feeds
  • Entropy parser
  • JA3/JA3S encryption fingerprinting
  • Dashboards
  • MITRE ATT&CK Framework

Content Creation Techniques

  • Recommended methodology
  • Taxonomies
  • Using reporting to test rules
  • Creating content for current threats
  • Whitelisting normal traffic and false positives
  • Creating blacklists
  • Resolving unknown meta
  • Reusing meta keys

 

 

 

 

On-Demand

In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us

Was this article helpful? Yes No
0 Likes
Version history
Last update:
‎2017-10-30 02:55 PM
Updated by:
Beginner
Contributors
© 2022 RSA Security LLC or its affiliates. All rights reserved.