RSA NetWitness Logs & Network Foundations

Document created by Craig Hansen on Feb 3, 2016. Last modified by Connor Mccarthy on Jun 18, 2018.
Version 44

Schedule & Register

Schedule Only

On-demand

 

 

 

 

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This foundations course focuses on the core features and functions of the RSA NetWitness Logs & Network product for Administrators and Analysts.

 

Overview

This Instructor Led Training (ILT) course provides a foundational overview of the core components of RSA NetWitness Logs & Network. Students gain insight into the core concepts, uses, functions and features of RSA NetWitness Logs & Network and also gain practical experience by performing a series of hands-on labs.

 

Audience

Anyone new to the RSA NetWitness Platform.

 

Duration

3 days (ILT)

 

Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the NetWitness Logs & Network architecture, components and their functions
  • Describe how metadata is created
  • Differentiate between meta keys, meta values, and meta data
  • Investigate data using simple and complex queries
  • Customize the investigation display
  • Filter data using rules
  • Create new meta values using Application and Correlation rules and RSA Live content
  • Create alerts using ESA and reporting rules to track potential threats
  • Create and manage incidents

 

Course Outline

  1. RSA NetWitness Logs & Network Overview
    • What is RSA NetWitness Logs & Network?
    • RSA NetWitness Logs & Network architecture
    • Supported data sources
    • Key features and functions
    • Customizing the user interface
  2. Investigation Basics
    • What is metadata?
    • Differentiating between packets & network
    • Differentiating between data and metadata
    • Customizing the investigation screens
    • Viewing reconstructed events
    • Writing simple and complex queries
    • Describing the purpose of meta key indexing
    • Customizing data and metadata displays
    • Creating data visualizations
    • Creating meta groups
    • Creating custom column groups
    • Using complex queries, drills and views to perform investigations
  3. Refining the Dataset
    • Filtering data with rules
    • Taxonomy concepts for metadata
    • Using Application rules to create new meta
    • Using Correlation rules to create new meta
    • Deploying content from RSA Live to create new meta
    • Describing how parsers populate meta keys
    • Using alerts and metadata to investigate potential threats
    • Determining the cause of an incident
  4. Reporting and Alerting
    • Creating reports
    • Creating alerts to identify future threats
    • Creating ESA alerts
    • Managing incidents
    • Creating incidents

 

Course Numbers

ED-SA-TRAINUNIT (Training Units)

 

 

 
