RSA NetWitness Endpoint Troubleshooting

Document created by Elizabeth Maloney Employee on Jul 14, 2016Last modified by Elizabeth Maloney Employee on May 1, 2017
Version 19Show Document
  • View in full screen mode






In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us



This on-demand lab presents an overview of troubleshooting steps and tips for RSA NetWitness Endpoint..



This self-paced on-demand lab examines common troubleshooting issues customers face in RSA NetWitness Endpoint implementations. You will first be presented with a common troubleshooting methodology framework in the context of RSA NetWitness Endpoint. Then, you will examine a number of common customer use cases where
you will identify the root cause of the issue, and remediate the problem. Lab exercises provide students with the ability to practice what they have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.



Anyone interested in an overview of troubleshooting RSA NetWitness Endpoint


Delivery Type

On-Demand Lab



1.5 hours course and 2 hour lab
Note: RSA University’s lab environment is provided for 10 hours of overall practice time over a 14-day period.


Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on access the environment.
For more information please view the document Access RSA University Virtual Labs
available on the RSA University site: RSA University Content.


Prerequisite Knowledge/Skills

Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:



Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe and list general troubleshooting methodology in an RSA NetWitness Endpoint environment
  • Determine the overall health of an RSA NetWitness Endpoint environment
  • Troubleshoot the most common RSA NetWitness Endpoint issues
  • Use common tools to identify and/or remediate common RSA NetWitness Endpoint issues
  • Identify symptoms of a non-functioning ECAT environment
  •  Resolve Agent issues
  • Resolve Server issues
  • Monitor connected machines in the ECAT UI


Course Outline

  • Module 1 - General Troubleshooting Methodology
    • General Methodology
    • Incorporation of Process in RSA NetWitness Endpoint Environment
  • Module 2 - Troubleshooting Basics in an RSA NetWitness Endpoint Environment
    • ECAT Components
    • Standard Behaviors
  • Module 3 - Troubleshooting the Flow of a Scan
    • ConsoleServer Activity
    • Component Issues
    • Decision Tree/Process Flow
  • Module 4 - Troubleshooting General Issues
    • Files Path
    • Broker Not Enabled
    • Stored Procedure
  • Module 5 - Additional Troubleshooting Resources
    • Tools
    • Links
    • Libraries

Exercise 1: Agent Machines are not Appearing in the
User Interface
Exercise 2: Agent Machines are not Updating in the
User Interface
Exercise 3: Agent Installation Issues






In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us