In order to register for a class, you need to first create a Dell Education account
If you need further assistance, contact us
Summary
This instructor-led course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform.
Overview
This classroom training provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform. Students will benefit from both lecture and hands-on lab exercises using a virtual environment to practice the techniques learned in class.
Audience
Anyone interested in creating content in RSA NetWitness to highlight and discover potential threats
Duration
2 days
Prerequisite Knowledge/Skills
Students should have completed the following course or have knowledge comparable to what it provides:
RSA NetWitness Platform Foundations
Course Objectives
Upon successful completion of this course, participants should be able to:
- Identify what content to use when
- Describe the data model and process flow
- Describe how to optimize content for performance and results
- Monitor the performance of parsers
- Create content for specific use cases
- Create content from LIVE and other sources, such as STIX feeds
- Create content using a recommended process
- Create an alert taxonomy
- Use reports to test the efficacy of rules
- Create content for current threats
- Whitelist normal traffic and false positives
Course Outline
Content Overview
- Content types
- When and how to use content
- Data model
- Data process flow
- Performance considerations
- Monitoring performance of alerts and parsers
- Context menus
- Content resources
Creating Content
- Creating rules and alerts
- Creating feeds and lists
- Creating parsers
Deploying Content from Other Sources
- LIVE content
- STIX feeds
- Entropy parser
- JA3/JA3S encryption fingerprinting
- MITRE ATT&CK Framework
- Dashboards
Content Creation Techniques
- Recommended methodology
- Taxonomies
- Create feeds for business context
- Using reporting to test rules
- Creating content for current threats
- Whitelisting normal traffic and false positives
- Creating blacklists
- Identifying unknown meta