In order to register for a class, you need to first create an EMC account
If you need further assistance, contact us
Summary
The RSA NetWitness Endpoint Fundamentals on-demand learning provides an overview of NetWitness Endpoint’s role, familiarizes you with key components of the user interface, and enables you to conduct basic threat analysis.
Overview
This FREE on-demand learning provides an overview of RSA NetWitness Endpoint’s role and core functionality. Students will gain familiarity with the tool’s interface, a broad understanding of the team responsibilities necessary for effective threat detection, and a detailed understanding of basic threat analysis. Video-based instruction is used to reinforce the student’s familiarity with NetWitness Endpoint and the key Modules and Machines views. Concept review and further User Interface engagement are provided in the form of a series of interactive challenges.
Audience
Enterprise security analysts, consultants, incident response staff and managers, RSA NetWitness Endpoint administrators, and any other technical users who will employ or support the tool.
Delivery Type
On-Demand Learning (self-paced eLearning)
Duration
1.25 hours
Prerequisite Knowledge/Skills
There are no prerequisite requirements, but basic knowledge of malware, networking fundamentals, and general security concepts is recommended.
Learning Objectives
Upon successful completion of this course, participants should be able to:
- Describe the role of RSA NetWitness Endpoint in endpoint threat detection
- Understand the roles and responsibilities required within a NetWitness Endpoint team
- Detect known and some unknown malware executables and processes
- Determine the general NetWitness Endpoint architecture of any deployment
- Interpret module and machine lists in the NetWitness Endpoint interface
- Detect malicious characteristics and behaviors in endpoint files and processes
Course Outline
- Overview
- The Challenge: Malware Inside
- A Malware Rogue’s Gallery
- Threats from Basic to Advanced
- Monitoring the Modules in the Endpoints
- NetWitness Endpoint Approach to Endpoint Threat Detection
- NetWitness Endpoint Scan Techniques
- Timeline of Typical Attack
- NetWitness Endpoint Architecture
- Option: The Roaming Agent Relay
- Installation and Deployment
- Tuning, Optimization, and Administration
- Getting Started
- Meet the Team
- Process: Getting Started
- Continual Analysis, Occasional Re-Tuning
- Main Menu
- Dashboard
- Machines
- Modules
- IP List
- Certificates
- Instant IOCs
- Downloads
- Events
- User Interface Walkthrough
- NetWitness Endpoint Packager
- Threat Detection
- Out of the Box Monitoring
- Whitelisting and Blacklisting
- Automatic Whitelisting and Blacklisting
- Additional Tuning and Optimization
- Analysis: Review Which Modules?
- Module Review
- Network Monitoring
- Behavior Tracking
- Confirm Trusted Module
- Confirm Malicious Module
- Forward to Security Analytics
- Edit Status and Remediation Action
- Active Hunting Tactics
- Team-Based Hunting
- A Week of NetWitness Endpoint
- Concept Review
- Interactive Interface Quiz