RSA NetWitness Endpoint Foundations

Document created by Elizabeth Maloney on Jul 25, 2016. Last modified by Elizabeth Maloney on May 1, 2017.
Version 7

In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us

 

Summary

This classroom-based training introduces security analysts and executives to the major features of RSA NetWitness Endpoint, including Instant Indicators of Compromise and the Modules and Machines interfaces.

 

Overview

This classroom-based training provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.

 

Audience
Anyone new to RSA NetWitness Endpoint who is interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.

 

Delivery Type
Classroom

 

Duration
1 day

 

Prerequisite Knowledge/Skills
There are no prerequisite requirements, but basic knowledge of malware, networking fundamentals and general security concepts is recommended.

 

Learning Objectives
Upon successful completion of this training, participants should be able to:

  • Discuss what NetWitness Endpoint is and what it does
  • Identify architecture components
  • Review malicious modules
  • Prioritize modules and endpoint machines by apparent threat level
  • Navigate the NetWitness Endpoint interface to investigate suspicious files and processes
  • Make basic NetWitness Endpoint
  • Perform basic analysis

 

Course Outline

  • Module 1 – What is NetWitness Endpoint
    • The ‘Enterprise Compromise Assessment Tool’
    • Endpoint visibility
    • Analytical tools
    • Scan requests
  • Module 2 – Architecture Overview
    • Overview
    • NetWitness Endpoint server
    • NetWitness Endpoint database
    • Endpoints
    • Key directories
  • Module 3 – NetWitness Endpoint Modules
    • Module interface
    • Filters
    • Daily responsibilities
    • Indicators of compromise (IOC)
    • Types of malicious modules
  • Module 4 – NetWitness Endpoint Machines
    • Interface
    • Status
    • View customization
    • Groups
    • Agent maintenance
  • Module 5 – Analysis Basics
    • Threat assessment
    • Signatures and recognition
    • Characteristics and behavior
    • Context

 

 

 
