RSA NetWitness Endpoint Fundamentals

Document created by Craig Hansen on Feb 4, 2016. Last modified by Elizabeth Maloney on May 1, 2017.
Version 13

Register Now

In order to register for a class, you first need to create an EMC account.
If you need further assistance, contact us.

Summary

The RSA NetWitness Endpoint Fundamentals on-demand learning provides an overview of NetWitness Endpoint’s role, familiarizes you with key components of the user interface, and enables you to conduct basic threat analysis.

 

Overview

This on-demand learning provides an overview of RSA NetWitness Endpoint’s role and core functionality. Students will gain familiarity with the tool’s interface, a broad understanding of the team responsibilities necessary for effective threat detection, and a detailed understanding of basic threat analysis. Video-based instruction is used to reinforce the student’s familiarity with NetWitness Endpoint and the key Modules and Machines views. Concept review and further user interface engagement are provided in the form of a series of interactive challenges.

 

Audience

Enterprise security analysts, consultants, incident response staff and managers, RSA NetWitness Endpoint administrators, and any other technical users who will employ or support the tool.

 

Delivery Type

On-Demand Learning

 

Duration

75 minutes

 

Prerequisite Knowledge/Skills

There are no prerequisite requirements, but basic knowledge of malware, networking fundamentals, and general security concepts is recommended.

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role of RSA NetWitness Endpoint in endpoint threat detection
  • Understand the roles and responsibilities required within a NetWitness Endpoint team
  • Detect known and some unknown malware executables and processes
  • Determine the general NetWitness Endpoint architecture of any deployment
  • Interpret module and machine lists in the NetWitness Endpoint interface
  • Detect malicious characteristics and behaviors in endpoint files and processes

 

Course Outline

  • Overview
    • The Challenge: Malware Inside
    • A Malware Rogue’s Gallery
    • Threats from Basic to Advanced
    • Monitoring the Modules in the Endpoints
    • NetWitness Endpoint’s Approach to Endpoint Threat Detection
    • NetWitness Endpoint’s Scan Techniques
    • Timeline of Typical Attack
    • NetWitness Endpoint Architecture
    • Option: The Roaming Agent Relay
    • Installation and Deployment
    • Tuning, Optimization, and Administration
  • Getting Started
    • Meet the Team
    • Process: Getting Started
    • Continual Analysis, Occasional Re-Tuning
    • Main Menu
    • Dashboard
    • Machines
    • Modules
    • IP List
    • Certificates
    • Instant IOCs
    • Downloads
    • Events
    • User Interface Walkthrough
    • NetWitness Endpoint Packager
  • Threat Detection
    • Out of the Box Monitoring
    • Whitelisting and Blacklisting
    • Automatic Whitelisting and Blacklisting
    • Additional Tuning and Optimization
    • Analysis: Review Which Modules?
    • Module Review
    • Network Monitoring
    • Behavior Tracking
    • Confirm Trusted Module
    • Confirm Malicious Module
    • Forward to Security Analytics
    • Edit Status and Remediation Action
    • Active Hunting Tactics
    • Team-Based Hunting
  • A Week of NetWitness Endpoint
    • Concept Review
    • Interactive Interface Quiz
