RSA NetWitness SecOps Manager Solution Basics

Document created by Craig Hansen on Feb 4, 2016. Last modified by Elena Komarova on May 11, 2017.
Version 10

In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us

 

Summary

This classroom-based training provides an overview of the concepts, processes, and procedures to effectively use RSA SecOps Manager Solution in a Security Operations Center. 

 

Overview

Students will gain knowledge of the structure and operations of the RSA Security Operations Management Solution through presentations and hands-on exercises. This classroom-based training addresses the tasks and responsibilities of several typical roles and personas that are part of an organization’s Security Operations Center.

 

Audience

Customers who perform the following jobs can benefit from this course:

  • Security Operations Center (SOC) manager
  • Breach coordinator
  • Incident coordinator
  • Incident handler
  • IT Helpdesk analyst

 

Delivery Type

Live or Virtual Classroom (learn more about modalities)

 

Duration

2 days

 

Prerequisite Knowledge/Skills

To receive the most benefit from this training, we recommend that students have:

  • Basic understanding of the use and management of RSA Archer and RSA Archer Enterprise Management Solution
  • Basic understanding of the use and management of RSA Security Analytics
  • Familiarity with basic security event reporting and analysis
  • Familiarity with basic Security Operations Center functions and tasks

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • Understand industry standards such as VERIS, NIST, and SANS for reporting and managing a security incident response process, and how RSA NetWitness SecOps Manager Solution aligns with them
  • Understand the high-level solution architecture of the RSA NetWitness SecOps Manager Solution
  • Explain the security operations management workflow supported by the RSA Security Operations Management Solution
  • Explain and navigate the built-in dashboards of the RSA NetWitness SecOps Manager Solution
  • Identify and understand the differences between the six personas (roles) supported by the RSA Security Operations Management Solution
  • Understand the workflows in the solution for the respective SOC personas
  • Identify the phases and workflow relating to incident management
  • Understand the contribution of RSA NetWitness SecOps Manager Solution to SOC operations

 

Course Outline

  • Security Operations Management Overview
    • Function and purpose of a Security Operations Center (SOC)
    • Security incident response industry standards [VERIS, NIST, and SANS]
    • Capabilities of RSA NetWitness SecOps Manager Solution
    • Solution architecture
    • Key personas in Security Operations Management
    • Security Operations workflow
    • RSA Archer Enterprise Management Solution Overview
  • Introduction to RSA NetWitness SecOps Manager Solution
    • RSA NetWitness SecOps Manager Solution dashboards and navigation
    • RSA NetWitness SecOps Manager Solution implementation lifecycle
  • Managing SOC Readiness
    • Managing the SOC staff and Contacts
    • Managing SOC policies and procedures
  • Incident Response
    • Incident response workflow
    • Alerts and incidents; aggregating alerts
    • Incident types
    • Incident Declaration, Creation, Assignment, Review, and Closure
    • Incident response tasks
    • Incident escalation
    • Incident investigation, forensic and impact analysis
    • Handling shift handovers
  • Data Breach Response
    • Data Breach response workflow
    • Breach risk assessment
    • Declaring a breach
    • Creating and assigning breach tasks
    • Executing a call tree
  • Remediation
    • Issue remediation workflow
    • Findings process
    • Resolving and reviewing findings
    • Exception process
    • Remediation plan
