RSA NetWitness Orchestrator Built on ThreatConnect - Incident Response

Document created by Joseph Cantor (Employee) on Nov 2, 2020. Last modified by Don Croad on Jan 26, 2021.
Version 3

On-Demand Lab Details

Register

 

 

In order to register for a class, you need to first create a Dell Education account

If you need further assistance, contact us

 

Summary

Looking for hands-on practice for the RSA NetWitness Orchestrator Built on ThreatConnect? This On-Demand Lab will teach you the skills for bridging RSA NetWitness and third-party tools and alerts, and standardizing incident response with playbooks.

 

Overview

This On-Demand hands-on course outlines and demonstrates the use of RSA NetWitness Orchestrator Built on ThreatConnect for bridging RSA NetWitness and third-party tools and alerts, and standardizing incident response with playbooks. Fundamental concepts such as incident definitions are also covered.


Audience

All security analysts and SOAR engineers employing Orchestrator Built on ThreatConnect and the NetWitness platform.

 

Delivery Type
On-Demand Lab (self-paced eLearning with lab)


Duration
4 hours
Note: RSA University’s on-demand lab environment is provided for 10 hours of overall practice time over a 14-day period.


Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document Access RSA University Virtual Labs, available on the RSA University site:

RSA University Content


Prerequisite Knowledge/Skills

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe core RSA NWOTC functionality
  • Implement NetWitness integration
  • Prepare RSA NWOTC playbook data handling
  • Create and utilize custom playbooks for incident response
  • Utilize 3rd party integrations for collection and enrichment

 

Course Outline

Module 1: Using RSA NetWitness® Orchestrator Built on ThreatConnect 

  • Explain the RSA NetWitness® Platform components related to incident response
  • Explain the Incident Response process related to Respond
  • Explain the process of creating Alerts and Incidents in NetWitness® Respond
  • Explain the basics of RSA NetWitness® Orchestrator functionality related to TIP and SOAR

 

Module 2: Creating a Playbook

  • Explain the RSA NetWitness® Orchestrator Respond/Alerts connector App
  • Explain the steps necessary to create a NetWitness® Orchestrator playbook
  • Explain the resources available on the ThreatConnect website regarding playbooks
  • Explain the ThreatConnect GitHub repository

 

Module 3: Using a Workflow 

  • Explain the Incident handling workflow
  • Explain the use of phases and tasks as they relate to workflows
  • Explain how to assign and use a workflow as part of incident response
  • Explain how workflow tasks can be used to interact with NetWitness® Orchestrator cases

 

 

 

 

 

 
