RSA NetWitness Logs & Network Installation and Configuration (version 10.6)

Document created by Connor Mccarthy (Employee) on Apr 16, 2018. Last modified by Connor Mccarthy (Employee) on Apr 16, 2018.
Version 2




In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us



This on-demand lab provides students with training on installing and configuring RSA NetWitness Logs & Network.



This self-paced on-demand lab walks you through the process of installing RSA NetWitness Logs & Network. Through a series of videos, you will first review the hardware components of a NetWitness Logs & Network implementation. You will then walk through how to install the various services, including: the Server, Decoders, the Concentrator, and Broker. You will then be shown how to configure the services and connect them together to allow data to flow through the system. After confirming data is flowing through the system, you will review the steps to check the health and wellness of the system. Lab exercises provide you with the ability to practice what you have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.



Anyone interested in installing and configuring RSA NetWitness Logs & Network


Delivery Type
On-Demand Lab (self-paced eLearning with Lab)


4 hour course and 2 hour lab

Note: RSA University’s lab environment is provided for 10 hours of overall practice time over a 14-day period.


Accessing the Lab Environment

Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment.


For more information please view the document Access RSA University Virtual Labs – available on the RSA University site: RSA University Content

Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial. Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

  • RSA NetWitness Logs and Packets Introduction


Learning Objectives

Upon completion of this course, participants should be able to:

  • Explain elements of the proper process for installation and configuration
  • Successfully connect the hardware that will be used
  • Locate documentation and web-based resources for installation
  • Identify processes that require special attention during installation
  • Summarize the important configuration tasks
  • Enable all host machines
  • Configure the environment to allow for data transmissions
  • Ensure data is flowing properly through the system


Course Outline

Module 1 - Course Introduction

Module 2 - Hardware Configuration

  • Overview of Series IV Hardware
  • Overview of DAC
  • Illustrate cabling of devices
  • Configuring and allocating storage


Module 3 - Building a Hybrid Appliance

  • Installation of CentOS
  • Installation of the Server


Module 4 - Installing Security Analytics Components

  • Installation of Decoders
  • Installation of Concentrator
  • Installation of Broker


Module 5 - Setting up the Service Account

  • Enabling communication between services


Module 6 - Configuring Services

  • Configuring Decoders
  • Configuring Concentrator
  • Configuring Broker
  • Connecting services together


Module 7 - Confirming Data Flow and Monitoring Health & Wellness

  • Confirm services communication
  • Overview of Health and Wellness module


Exercise 1: Enable Host Machines

  • Log in to the environment and enable the host machines


Exercise 2: Set up the Service Account

  • Create the SA Service Account on a service of your choice
  • Replicate the SA Service Account to the other services


Exercise 3: Configure the Services

  • Configure the Packet Decoder
  • Configure the Log Decoder
  • Configure the Concentrator
  • Configure the Broker
  • Connect services together


Exercise 4: Upload a Packet Capture File and Validate Data Flow

  • Upload a PCAP file and validate that the data is appearing in the Investigation Module






