RSA NetWitness Orchestrator Built on ThreatConnect - Fundamentals

Document created by Joseph Cantor Employee on Jun 30, 2020Last modified by Megan Henderson on Sep 25, 2020
Version 6Show Document
  • View in full screen mode

Access Training



In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us



This on-demand course provides foundational concepts of the RSA NetWitness Orchestrator (ThreatConnect version). Students will gain insights into the major features of the product via video demonstrations, explanations, and screenshots.



Anyone interested in an overview of the RSA NetWitness Orchestrator solution.


Delivery Type
On-Demand Learning

180 Minutes

Prerequisite Knowledge/Skills

Students should have the following skills or taken the following training prior to attending this course:



Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role, functionality, and analytic approach of RSA NetWitness Orchestrator built on ThreatConnect
  • Perform basic administrative tasks such as adding a new user and updating a cloud-based Playbook
  • Customizing your environment by enabling two-factor authentication, selecting which Indicators and groups are visible, and creating a custom space
  • Browse threat intelligence
  • Interpret and discern between scores for Threat Rating, Confidence, and ThreatAssess
  • Create a basic Workflow, Indicator, and Playbook
  • Interpret and assess the run results of a Playbook
  • Contribute to your organization's pool of knowledge by creating posts and associating your findings with indicators and groups


Course Outline

  • Module 1 – RSA NetWitness Orchestrator Overview
    • Describe RSA NetWitness Orchestrator as SOAR and Threat Intelligence solution
    • Describe Analytic Approach and threat model
  • Module 2 – Administration and Customization
    • View our current account profile
    • View available user roles
    • Enable the Collective Analytics Layer
    • Create an admin email message
    • Add a new user
    • Update a cloud-based Playbook
    • Customize displayed results
    • Add a custom Space to host one or more apps
  • Module 3 – Threat Intelligence Basics
    • Browse threat intelligence
    • Describe the ThreatConnect Premium Intelligence Source
    • Interpret Threat Rating, Confidence, and Threat Assess values
  • Module 4 – Workflow, Indicators, and Associations
    • Define terminology of workflow, indicators, and associations
    • View associations and indicators
    • Create a new indicator
  • Module 5 – Playbooks and Automation Basics
    • Describe a Playbook (A reusable chunk of automation)
    • Describe Triggers, Apps, Operators   
    • Perform typical steps for creating a playbook: Enrichment, Investigation, Response, Review
  • Module 6 – Collaboration
    • Enable privacy option for CAL data
    • Create a post and link it to an indicator or other object for future reference
    • Browse intelligence only from a collaborative source






Access Training



In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us