RSA NetWitness Logs & Network Event Sources

Document created by Craig Hansen on Feb 4, 2016. Last modified by Connor Mccarthy on Jun 27, 2018.
Version 17

Register Now

 

 

 

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This on-demand learning focuses on how to configure RSA NetWitness log collection for a variety of event sources.

 

Overview

This self-paced on-demand learning provides an overview of how RSA NetWitness Logs & Network log collection is configured and performed for a variety of event source types such as Windows, File Reader, ODBC, Check Point Firewall, VMware, SDEE, SNMP and Netflow.

 

Audience

RSA NetWitness Logs & Network administrators

 

Delivery Type

On-Demand Learning

 

Duration

2 hours

 

Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in enterprise networking and data communications is required.

 

Students should also have completed or otherwise have the skills acquired from the following course(s):

 

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Configure capture for log data
  • Configure log collection for the following event source types
    • Windows
    • File Reader
    • ODBC
    • Check Point Firewall
    • VMware
    • SDEE
    • SNMP
    • Netflow
  • Validate data capture
  • Create event source groups
  • Monitor event sources
  • Perform basic troubleshooting for event source collection

 

Course Outline

  1. Log Collection Overview
    • Log collector service
    • Local and remote log collectors
    • Log collection failover
    • Starting/stopping log collection
    • Configuring event sources
    • Connecting a syslog event source
  2. Configuring Log Collection for Windows
    • Configuring the Windows event source
    • Starting collection
    • Troubleshooting the Windows event source
  3. Configuring Log Collection for File Reader
    • Configuring the event source
    • Troubleshooting the File Reader event source
  4. Configuring Log Collection for ODBC
    • Configuring the event source
    • Troubleshooting the ODBC event source
  5. Configuring Log Collection for Check Point Firewall
    • Configuring the event source
    • Troubleshooting the Check Point event source
  6. Configuring Log Collection for VMware
    • Configuring the event source
    • Starting collection
    • Troubleshooting the event source
  7. Configuring Log Collection for SDEE
    • Configuring the event source
    • Starting collection
    • Troubleshooting the event source
  8. Configuring Log Collection for SNMP
    • Configuring the event source
  9. Configuring Log Collection for Netflow
    • Configuring the event source
  10. General Log Collection Troubleshooting
    • Setting debug mode
    • Debug messages
    • Checking the event source queue
    • Troubleshooting checklist
    • Checking the services
  11. Event Source Grouping and Monitoring
    • Event source groups
    • Event source group attributes
    • Event source monitoring
    • Event source alerting

 

 

 

 

 
