RSA Hunting Workshop for Analysts

Document created by Craig Hansen (Employee) on Mar 23, 2016. Last modified by Connor Mccarthy on Aug 9, 2018.
Version 19


In order to register for a class, you need to first create an EMC account.

If you need further assistance, contact us.

 

Summary

This workshop presents the opportunity to spend class time working in a hands-on virtual environment, with minimal lecture and materials. Students will be provided with a complex use case to work through, involving a network-based attack that results in an endpoint malware infection.

 

Overview

This instructor-led workshop presents students with the opportunity to perform a realistic forensic security analysis in a hands-on environment working with RSA NetWitness Logs & Network and RSA NetWitness Endpoint. Students will be provided with a complex, multipart cyberattack use case to work through, and will be tasked with finding key evidence about the attack, identifying targeted and compromised systems, reconstructing the sequence of events, and proposing a remediation plan. Students will be given a minimum amount of introductory information, and will conduct their analyses using their knowledge of networking protocols, endpoint operating systems, and common cyberattack vectors. An instructor will be present to guide students individually as they work their way through the data set.

 

Audience

Security analysts interested in using RSA NetWitness Logs & Network and RSA NetWitness Endpoint to locate anomalies on the network and on endpoint devices, to diagnose and track malware infections, and to reconstruct a cyberattack in a realistic virtual enterprise setting.

 

Duration

2 days (ILT)

 

Prerequisite Knowledge/Skills

Students should have familiarity with RSA products including NetWitness Logs & Network and NetWitness Endpoint, knowledge of common network protocols and endpoint operating systems, and six months or more experience working as a security analyst.

 

Course Objectives

Upon successful completion of this course, participants should be able to:

  • interpret protocol headers to identify anomalous sessions
  • identify compromised files on endpoint systems inside the network
  • reconstruct network sessions and navigate through related sessions of interest
  • reconstruct the steps of an exploit in a coherent sequence of related events
  • document findings in a standard forensic analyst reporting template
  • use findings to create a suggested remediation plan

 

Course Numbers

ED ASOC HUNT 110
