Introduction to the RSA NetWitness Platform

Document created by Craig Hansen on Feb 2, 2016. Last modified by Lisa Tiernan on Dec 11, 2019.
Version 26

Access Training

 

 

To register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

 

Summary

High-level introduction to RSA NetWitness Platform concepts and real-world use case demonstrations.

 

Overview

This On-Demand Learning covers the role and fundamental concepts of RSA NetWitness Platform. It discusses the threat visibility and analysis capabilities available through tools such as email reconstruction, event and file analysis, and meta keys, as well as basic architecture and data flow. Another section demonstrates the Platform in action when drawing data from infrastructure logs, network packet capture, and endpoint monitoring.

 

Audience

All NetWitness users and administrators.

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 Minutes

 

Prerequisite Knowledge/Skills

Knowledge of the following is suggested for attending this course:

  • None

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • For RSA NetWitness Network and Logs functionality, describe:
    • Infrastructure
    • Data flow
    • Usefulness of Metadata, Parsers, and compliance-driven Log storage tiers
  • For other Platform components, describe:
    • Distinction between Endpoint Insights and Advanced Endpoint
    • Critical host, file, and user activity visible only through Endpoint and UEBA
  • Perform a simple incident response workflow including pivots between the Respond and Investigate functionality

 

Course Outline

What is RSA NetWitness Platform?

  • 3 Kinds of insight and core value
  • Orchestrator and UEBA
  • Network packet capture flow
  • Event Analysis
  • Meta and the Investigate > Navigate view
  • RSA NetWitness parsing examples
  • RSA NetWitness Log capture flow
  • Endpoint Hosts and Files views
  • Data Flow
  • Custom Content

How Does It Work? Use Case demonstrations leveraging:

  • Advanced Endpoint & Network
  • UEBA
  • Endpoint Insights