Introduction to the RSA NetWitness Platform

Document created by Craig Hansen (Employee) on Feb 2, 2016. Last modified by Don Croad on Sep 28, 2020.
Version 27

Access Training

To register for a class, you first need to create a Dell Education account.

If you need further assistance, contact us.

 

Summary

High-level introduction to RSA NetWitness Platform concepts and real-world use case demonstrations.

 

Overview

This On-Demand Learning covers the role and fundamental concepts of the RSA NetWitness Platform. It discusses the threat visibility and analysis capabilities provided by tools such as session reconstruction, event and file analysis, and meta keys, as well as the basic architecture and data flow. A further section demonstrates the Platform in action as it draws data from infrastructure logs, network packet capture, and endpoint monitoring.

 

Audience

All NetWitness users and administrators.

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 Minutes

 

Prerequisite Knowledge/Skills

Knowledge of the following is suggested for attending this course:

  • None

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the goals of NetWitness Network, Logs, and Endpoint
  • Define a new Endpoint policy group
  • Describe the roles of Orchestrator and UEBA
  • Describe the architecture of the NetWitness Platform, including Decoders, Concentrators, the Admin Server, and ESA
  • Define metadata in the context of NetWitness
  • Define the role and nature of parsers
  • Describe the role of NetWitness Logs in meeting data retention regulatory requirements
  • Define the features of Endpoint Insights and Advanced Endpoint
  • Describe the information available from the Hosts and Files views
  • Define the roles of custom content such as application rules and Berkeley Packet Filters

 

Course Outline

What is the RSA NetWitness Platform?

  • Three primary types of data collection: network, logs, endpoint
  • Core architecture of every deployment
  • Roles of Orchestrator and UEBA

Network

  • Packet capture data flow
  • Investigate > Navigate
  • Session reconstruction from packets
  • What is Meta?
  • What is a parser?

Logs

  • Log capture data flow
  • What is a log parser?
  • Data retention via NetWitness Logs
  • Tiers of data storage

Endpoint

  • Insights vs. Advanced Endpoint
  • Global Hosts & Host Details
  • Global Files view

Data flow & custom content

  • Log data flow example
  • Packet data flow example
  • Endpoint data flow
  • Differentiating filters, rules, parsers, and feeds
  • What does Live Content contain?

Use Cases

