RSA NetWitness Logs & Network Installation and Configuration (version 10.6)

Document created by Connor Mccarthy on Apr 16, 2018. Last modified by Connor Mccarthy on Apr 16, 2018.
Version 2


 

 

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Summary 

This on-demand lab provides students with training on installing and configuring RSA NetWitness Logs & Network.

 

Overview

This self-paced on-demand lab walks you through the process of installing RSA NetWitness Logs & Network. Through a series of videos, you will first review the hardware components of a NetWitness Logs & Network implementation. You will then walk through how to install the various services, including: the Server, Decoders, the Concentrator, and Broker. You will then be shown how to configure the services and connect them together to allow data to flow through the system. After confirming data is flowing through the system, you will review the steps to check the health and wellness of the system. Lab exercises provide you with the ability to practice what you have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.

 

Audience

Anyone interested in installing and configuring RSA NetWitness Logs & Network

 

Delivery Type
On-Demand Lab (self-paced eLearning with Lab)


Duration

4 hour course and 2 hour lab


Note: RSA University’s lab environment is provided for 10 hours of overall practice time over a 14-day period.

 

Accessing the Lab Environment

Lab exercises are performed in the RSA University virtual lab environment. The downloadable Lab Guide provides detailed instructions on accessing the environment.

 

For more information please view the document Access RSA University Virtual Labs – available on the RSA University site: RSA University Content


Prerequisite Knowledge/Skills

Students should be familiar with basic computer architecture, networking fundamentals and general information security concepts. Basic knowledge of the TCP/IP protocol stack is beneficial. Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:

  • RSA NetWitness Logs and Packets Introduction

 

Learning Objectives

Upon completion of this course, participants should be able to:

  • Explain elements of the proper process for installation and configuration
  • Successfully connect the hardware that will be used
  • Locate documentation and web-based resources for installation
  • Identify processes that require special attention during installation
  • Summarize the important configuration tasks
  • Enable all host machines
  • Configure the environment to allow for data transmissions
  • Ensure data is flowing properly through the system

 

Course Outline

Module 1 - Course Introduction

Module 2 - Hardware Configuration

  • Overview of Series IV Hardware
  • Overview of DAC
  • Illustrate cabling of devices
  • Configuring and allocating storage

 

Module 3 - Building a Hybrid Appliance

  • Installation of CentOS
  • Installation of the Server

 

Module 4 - Installing Security Analytics Components

  • Installation of Decoders
  • Installation of Concentrator
  • Installation of Broker

 

Module 5 - Setting up the Service Account

  • Enabling communication between services

 

Module 6 - Configuring Services

  • Configuring Decoders
  • Configuring Concentrator
  • Configuring Broker
  • Connecting services together

 

Module 7 - Confirming Data Flow and Monitoring Health & Wellness

  • Confirm services communication
  • Overview of Health and Wellness module

 

Exercise 1: Enable Host Machines

  • Log in to the environment and enable the host machines

 

Exercise 2: Set up the Service Account

  • Create the SA Service Account on a service of your choice
  • Replicate the SA Service Account to the other services

 

Exercise 3: Configure the Services

  • Configure the Packet Decoder
  • Configure the Log Decoder
  • Configure the Concentrator
  • Configure the Broker
  • Connect services together

Exercise 4: Upload a Packet Capture File and Validate Data Flow

  • Upload a PCAP file and validate that the data is appearing in the Investigation Module

 

 
