RSA NetWitness Platform Introduction to Hunting 11.4

Document created by Joseph Cantor on Apr 2, 2020. Last modified by Joseph Cantor on Apr 28, 2020.
Version 4

Schedule & Register

Schedule Only 

On-demand

 

 

In order to register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

 

 

Summary

Interested in hunting? Don’t know where to start? This course is a great place to begin as we will give you a recommended approach for identifying threats using the RSA NetWitness Platform.

 

Overview

This classroom training provides an overview of threat hunting and covers hunting tools, content and methodologies that can be used to proactively find suspicious behavior. Students will apply the techniques acquired in this course to identify anomalies and find threats in the environment using Packets, Logs and Endpoint.

 

Audience

Anyone interested in hunting with the RSA NetWitness Platform

 

Duration

2 days

 

Prerequisite Knowledge/Skills

Students should have the following skills or have taken the following training (or have equivalent knowledge) prior to attending this course:

• Introduction to the RSA NetWitness Platform

• RSA NetWitness Platform Foundations

• RSA NetWitness Platform Analysis

 

Course Objectives

Upon successful completion of this course, participants should be able to:

• Describe threat hunting and incident response roles.
• Describe the RSA NetWitness Hunting Guide.
• Describe the hunting methodology.
• Describe the Hunting Pack meta.
• Describe the UEBA Essentials Content Pack.
• Describe the UEBA Essentials Hunting Guide.
• Describe the MITRE ATT&CK™ frameworks.
• Describe RSA NetWitness Hunting Cards.
• Describe the basics of hunting with RSA NetWitness Endpoint.
• Describe RSA NetWitness Platform hunting tools.
• Identify protocol/service anomalies.
• Identify indicators of malicious traffic.
• Use hunting techniques, methodology and tools to detect threats.
• Respond to incidents.
• Report findings.

 

Course Outline

  • Threat hunting
  • Investigation Model
  • RSA NetWitness Hunting Guide and Hunting Pack
  • Hunting Methodology
  • RSA NetWitness UEBA Essentials Content Pack
  • RSA NetWitness Hunt Cards
  • Hunting with RSA NetWitness Endpoint
  • Identifying protocol anomalies
  • Indicators of Compromise
  • Attack characteristics
  • Creating a security incident report
  • Hunting for threats

 

 

 

 

 

 

 
