RSA NetWitness Endpoint Analysis 4.3

Document created by Joseph Cantor Employee on Dec 18, 2019Last modified by Don Croad on Jan 19, 2020
Version 3Show Document
  • View in full screen mode





In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us


This On-Demand training course enables RSA NetWitness Endpoint security analysts to use all major facets of the NetWitness Endpoint toolkit to identify malicious software and activity.



This recorded classroom training provides core essentials training for security analysts employing RSA NetWitness Endpoint. Students participate in an interactive lecture format and put into practice what they learn in instructor-assisted hands-on lab work in a simulated deployment.



This RSA NetWitness Endpoint training is intended as the core of Tier One security analysts or the fundamental knowledge required by experienced security analysts new to the tool.



16 hours


Prerequisite Knowledge/Skills

Students should have familiarity with the basic processes of security forensic analysis. Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

  • RSA NetWitness Endpoint Foundations 


Course Objectives

Upon successful completion of this course, participants should be able to:

  • Schedule scans using machine groups
  • Interpret scan results based on Module and Machine context
  • Consider advanced threats employing key Windows executables and processes
  • Build a simple attack/intrusion timeline to further chronology-based investigation
  • Create a YARA signature based on a real-world Trojan 










In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us