RSA NetWitness Logs & Network Integration with RSA NetWitness Endpoint

Document created by Craig Hansen on Jul 14, 2016. Last modified by Connor Mccarthy on Apr 13, 2018.
Version 14

Register Now

 

 

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary

This on-demand learning covers how to configure integration between RSA NetWitness Logs & Network and RSA NetWitness Endpoint.

 

Overview

This on-demand learning describes how to integrate RSA NetWitness Logs & Network and RSA NetWitness Endpoint to perform investigations using both tools. It covers various forms of integration including syslog, Live feeds, recurring feed and Incident Management (message bus).

 

Audience

NetWitness Endpoint Administrators

NetWitness Logs & Network Administrators

 

Delivery Type

On-Demand Learning

 

Duration

1 hour

 

Prerequisite Knowledge/Skills

RSA NetWitness Endpoint Foundations (1 day ILT) or RSA NetWitness Endpoint Fundamentals (On-Demand Learning) or equivalent experience

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Identify integration requirements
  • Describe the types of integration
  • Configure NetWitness Endpoint for syslog to the Log Decoder
  • Configure NetWitness Endpoint alerts via the message bus
  • Configure contextual data from NetWitness Endpoint via recurring feed
  • Configure NetWitness Endpoint to receive Live feeds
  • Analyze data using NetWitness Logs & Network and NetWitness Endpoint

 

Course Outline

  • Integration Overview
    • Integration methods
    • Integration requirements
  • Syslog Integration
    • Configuration prerequisites
    • Configuration steps
    • Configuration results
    • Syslog integration demonstration
  • Incident Management Integration
    • Configuration prerequisites
    • Configuration steps
    • Configuration results
  • Feed Integration
    • Configuration prerequisites
    • Configuration steps
    • Configuration results
    • Feed integration demonstration
  • Live Feed Integration
    • Configuration prerequisites
    • Configuration steps
    • Configuration results
    • Live Feed integration demonstration
  • Analyzing data
    • Drilling into NetWitness Logs & Network from Endpoint
    • Drilling into Endpoint from NetWitness Logs & Network
    • Context Hub
    • Endpoint IOC Lookup
    • Endpoint ESA integration
    • Endpoint reporting integration
