RSA NetWitness Network Malware Analysis

Document created by Elizabeth Maloney on Oct 4, 2016. Last modified by Connor Mccarthy on May 9, 2018.
Version 10


To register for a class, you first need to create an EMC account.

If you need further assistance, contact us.

 

 

Summary

This on-demand lab provides students with training on the RSA NetWitness Network Malware Analysis module.

 

Overview

This self-paced on-demand lab provides students with training on the Malware Analysis module of RSA NetWitness Network. Topics include an overview of the Malware Analysis module, configuration steps, and conducting an investigation. Lab exercises provide students with the ability to practice what they have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.

 

Audience
Anyone interested in the Malware Analysis module of RSA NetWitness Network.

 

Delivery Type
On-Demand Lab


Duration
1 hour course and 3 hour lab


Accessing the Lab Environment
Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment. For more information, please view the document Access RSA University Virtual Labs, available on the RSA University site: RSA University Content.

 

Prerequisite Knowledge/Skills

Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the function of the NetWitness for Network Malware Analysis module
  • Describe the analysis methods that the Malware Analysis module uses to detect malicious file objects
  • Describe the Malware Analysis licensing model
  • Configure the general settings for Malware Analysis
  • Calibrate the IOCs for each scoring module
  • Configure installed anti-virus vendors
  • Conduct a malware analysis investigation
  • Upload and scan files
  • Scan files and events in list form

 

Course Outline
Module 1 – Malware Analysis Overview

  • Describe the function of the Malware Analysis module
  • Describe each of the analysis methods that Malware Analysis uses to detect malicious file objects
  • Describe the Malware Analysis licensing model
  • Discuss the scoring method used by the Indicators of Compromise (IOC) in Malware Analysis

 

Module 2 – Configuring the Malware Analysis Module

  • Add a Malware Analysis service
  • Navigate the Malware Analysis user interface
  • Configure the general settings for Malware Analysis
  • Calibrate the IOCs for each scoring module
  • Configure installed anti-virus vendors

 

Module 3 – Conducting a Malware Analysis Investigation

  • Demonstrate the various ways to launch a Malware Analysis investigation
  • Upload and scan files
  • Scan files and events in list form
  • View detailed malware analysis of an event

 

Exercise 1: Prepare the Environment

  • Create a trusted connection between Malware Analysis and NetWitness core devices
  • Create a Malware Analysis user account
  • Download resources from RSA Live

 

Exercise 2: Configure Malware Analysis

  • Configure the Malware Analysis appliance
  • Add data and validate data flow

 

Exercise 3: Conduct a Malware Analysis Investigation

  • Analyze malware in continuous mode
  • Analyze malware in ad-hoc mode
  • Conduct a malware analysis from the Investigation screen
