RSA NetWitness Logs and Network Analysis (11.0)

Document created by Joseph Cantor (Employee) on Dec 18, 2019. Last modified by Joseph Cantor (Employee) on Jan 23, 2020.
Version 4

On-demand

In order to register for a class, you need to first create a Dell Education account.

If you need further assistance, contact us

Summary

This On-Demand training course provides experience using the features and functions of RSA NetWitness Logs & Network to perform forensic analysis on network-based security breaches.

 

Overview

This recorded classroom course provides hands-on experience using RSA NetWitness Logs & Network to identify, investigate and remediate network-based security breaches on your enterprise network. The course consists of about 75% hands-on lab work, following practical use cases from the identification and investigation stages through event reconstruction, damage assessment, and remediation. 

 

Audience

Governance, risk, and/or compliance professionals, business owners, or IT personnel who need to automate and streamline existing processes, integrate the RSA Archer platform with third-party systems, or deliver assessments across the enterprise

 

Duration

16 hours 

 

Prerequisite Knowledge/Skills

Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log and packet traffic to perform analysis on network-based security events.

Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

  • RSA NetWitness Logs & Network Foundations

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Build dynamic dashboards to monitor network alerts
  • Create alerts to populate dashboards
  • Create alerts to populate meta keys
  • Use investigation and event reconstruction techniques to reconstruct breach events
  • Create reports to consolidate alerts across a configurable time period
  • Create alerts to generate incidents in the Incident Queue
  • Assign, document, and remediate incidents from within the Incident Queue
  • Identify, reconstruct, and remediate four sample use cases within the student laboratory SOC environment