In order to register for a class, you need to first create a Dell Education account
If you need further assistance, contact us
Summary
This on-demand lab provides students with training on the RSA NetWitness Network Malware Analysis module.
Overview
This self-paced on-demand lab provides students with training on the Malware Analysis module of RSA NetWitness Network. Topics include an overview of the Malware Analysis module, configuration steps, and conducting an investigation. Lab exercises provide students with the ability to practice what they have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.
Audience
Anyone interested in the Malware Analysis module of RSA NetWitness Network.
Delivery Type
On-Demand Lab
Duration
1-hour course and 3-hour lab
Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document Access RSA University Virtual Labs, available on the RSA University site: RSA University Content.
Prerequisite Knowledge/Skills
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
- RSA NetWitness Logs & Network Foundations
- RSA NetWitness Logs & Network Core Administration
- Previous experience performing malware analysis is recommended.
Learning Objectives
Upon successful completion of this course, participants should be able to:
- Describe the function of the NetWitness for Network Malware Analysis module
- Describe the analysis methods that the Malware Analysis module uses to detect malicious file objects
- Describe the Malware Analysis licensing model
- Configure the general settings for Malware Analysis
- Calibrate the IOCs for each scoring module
- Configure installed anti-virus vendors
- Conduct a malware analysis investigation
- Upload and scan files
- Scan files and events in list form
Course Outline
Module 1 – Malware Analysis Overview
- Describe the function of the Malware Analysis module
- Describe each of the analysis methods that Malware Analysis uses to detect malicious file objects
- Describe the Malware Analysis licensing model
- Discuss the scoring method used by the Indicators of Compromise (IOC) in Malware Analysis
Module 2 – Configuring the Malware Analysis Module
- Add a Malware Analysis service
- Navigate the Malware Analysis user interface
- Configure the general settings for Malware Analysis
- Calibrate the IOCs for each scoring module
- Configure installed anti-virus vendors
Module 3 – Conducting a Malware Analysis Investigation
- Demonstrate the various ways to launch a Malware Analysis investigation
- Upload and scan files
- Scan files and events in list form
- View detailed malware analysis of an event
Exercise 1: Prepare the Environment
- Create a trusted connection between Malware Analysis and NetWitness core devices
- Create a Malware Analysis user account
- Download resources from RSA Live
Exercise 2: Configure Malware Analysis
- Configure the Malware Analysis appliance
- Add data and validate data flow
Exercise 3: Conduct a Malware Analysis Investigation
- Analyze malware in continuous mode
- Analyze malware in ad-hoc mode
- Conduct a malware analysis from the Investigation screen