This course focuses on setting up RSA NetWitness for Logs and Packets Administration and Operations.
This live, instructor-led course provides students with additional knowledge and skills related to the administration and operation of RSA NetWitness Logs and Packets. Topics covered include Health and Wellness, Event Source Monitoring, integrating RSA SecurID two-factor authentication, a review of file structure and services, backup and recovery, and where to get help.
Customer, PS, SE, Partner, CS
Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, and networking protocols.
Students should also have completed the following courses (or have equivalent knowledge) prior to taking this training:
- RSA NetWitness Logs and Packets Foundations
- RSA NetWitness Logs and Packets Core Administration
Upon successful completion of this course, participants should be able to:
- Define Health and Wellness policies, rules and alarms
- Identify how Event Source Monitoring works
- Create Event Source groups and policies
- Configure RSA NetWitness to authenticate using RSA SecurID
- Perform administrative tasks using Explore, REST and NwConsole
- List the major services
- Identify the databases used within RSA NetWitness
- Locate and view log files
- Review Backup and Recovery strategies
- Perform a backup and recovery
Topics covered:
- Health and Wellness
- Event Source Monitoring
- Configuring RSA NetWitness to authenticate using RSA SecurID
- Administration Tools
- Files, Services and Daemons
- Backup and Recovery