RSA NetWitness Endpoint Fundamentals

Document created by Connor Mccarthy on Oct 24, 2017. Last modified by Joseph Cantor on Aug 1, 2019.
Version 4

Register Now



In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us



The RSA NetWitness Endpoint Fundamentals on-demand learning provides an overview of NetWitness Endpoint’s role, familiarizes you with key components of the user interface, and enables you to conduct basic threat analysis.



This FREE on-demand learning provides an overview of RSA NetWitness Endpoint’s role and core functionality. Students will gain familiarity with the tool’s interface, a broad understanding of the team responsibilities necessary for effective threat detection, and a detailed understanding of basic threat analysis. Video-based instruction is used to reinforce the student’s familiarity with NetWitness Endpoint and the key Modules and Machines views. Concept review and further User Interface engagement are provided in the form of a series of interactive challenges.


Enterprise security analysts, consultants, incident response staff and managers, RSA NetWitness Endpoint administrators, and any other technical users who will employ or support the tool.

Delivery Type
On-Demand Learning (self-paced eLearning)

1.25 hours

Prerequisite Knowledge/Skills

No prerequisite requirements, but basic knowledge of malware, networking fundamentals and general security concepts is recommended.


Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role of RSA NetWitness Endpoint in endpoint threat detection
  • Understand the roles and responsibilities required within a NetWitness Endpoint team
  • Detect known and some unknown malware executables and processes
  • Determine the general NetWitness Endpoint architecture of any deployment
  • Interpret module and machine lists in the NetWitness Endpoint interface
  • Detect malicious characteristics and behaviors in endpoint files and processes


Course Outline

  • Overview
    • The Challenge: Malware Inside
    • A Malware Rogue’s Gallery
    • Threats from Basic to Advanced
    • Monitoring the Modules in the Endpoints
    • NetWitness Endpoint Approach to Endpoint Threat Detection
    • NetWitness Endpoint Scan Techniques
    • Timeline of Typical Attack
    • NetWitness Endpoint Architecture
    • Option: The Roaming Agent Relay
    • Installation and Deployment
  • Tuning, Optimization, and Administration
    Getting Started
    • Meet the Team
    • Process: Getting Started
    • Continual Analysis, Occasional Re-Tuning
    • Main Menu
    • Dashboard
    • Machines
    • Modules
    • IP List
    • Certificates
    • Instant IOCs
    • Downloads
    • Events
    • User Interface Walkthrough
    • NetWitness Endpoint Packager
  • Threat Detection
    • Out of the Box Monitoring
    • Whitelisting and Blacklisting
    • Automatic Whitelisting and Blacklisting
    • Additional Tuning and Optimization
    • Analysis: Review Which Modules?
    • Module Review
    • Network Monitoring
    • Behavior Tracking
    • Confirm Trusted Module
    • Confirm Malicious Module
    • Forward to Security Analytics
    • Edit Status and Remediation Action
    • Active Hunting Tactics
    • Team-Based Hunting
  • A Week of NetWitness Endpoint
    • Concept Review
    • Interactive Interface Quiz
