This classroom-based training introduces security analysts and executives to the major features of RSA NetWitness Endpoint, including Instant Indicators of Compromise and the Modules and Machines interfaces.
This classroom-based training provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.
This training is intended for anyone new to RSA NetWitness Endpoint who is interested in increasing their familiarity with the tool’s features and functions within the context of endpoint investigation and analysis.
There are no prerequisites, but basic knowledge of malware, networking fundamentals, and general security concepts is recommended.
Upon successful completion of this training, participants should be able to:
- Discuss what NetWitness Endpoint is and what it does
- Identify architecture components
- Review malicious modules
- Prioritize modules and endpoint machines by apparent threat level
- Navigate the NetWitness Endpoint interface to investigate suspicious files and processes
- Make basic NetWitness Endpoint
- Perform basic analysis
- Module 1 – What is NetWitness Endpoint
  - The ‘Enterprise Compromise Assessment Tool’
  - Endpoint visibility
  - Analytical tools
  - Scan requests
- Module 2 – Architecture Overview
  - NetWitness Endpoint server
  - NetWitness Endpoint database
  - Key directories
- Module 3 – NetWitness Endpoint Modules
  - Module interface
  - Daily responsibilities
  - Indicators of compromise (IOC)
  - Types of malicious modules
- Module 4 – NetWitness Endpoint Machines
  - View customization
  - Agent maintenance
- Module 5 – Analysis Basics
  - Threat assessment
  - Signatures and recognition
  - Characteristics and behavior