RSA NetWitness Endpoint Foundations 4.3

Document created by Joseph Cantor Employee on Dec 18, 2019Last modified by Don Croad on Jan 19, 2020
Version 3Show Document
  • View in full screen mode





In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us


This On-Demand training introduces security analysts and executives to the major features of RSA NetWitness Endpoint, including Instant Indicators of Compromise and the Modules and Machines interfaces.



This recorded training course provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.



Anyone new to RSA NetWitness Endpoint interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis. 



8 hours


Prerequisite Knowledge/Skills

No prerequisite requirements but basic knowledge of malware, networking fundamentals and general security concepts is recommended.


Course Objectives

Upon successful completion of this course, participants should be able to:

  • Discuss what NetWitness Endpoint is and what it does
  • Identify architecture components
  • Review malicious modules
  • Prioritize modules and endpoint machines by apparent threat level
  • Navigate the NetWitness Endpoint interface to investigate suspicious files and processes
  • Make basic NetWitness Endpoint customizations
  • Perform basic analysis










In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us