RSA NetWitness Orchestrator Fundamentals

Document created by Connor Mccarthy (Employee) on Jun 28, 2018. Last modified by Connor Mccarthy (Employee) on Aug 9, 2018.
Version 3

Access Training

 

 

In order to register for a class, you need to first create an EMC account.

If you need further assistance, contact us

 

Summary

This On-Demand course walks through the use of RSA NetWitness Orchestrator for bridging NetWitness and third-party SOC tools and alerts, and standardizing incident response with playbooks.

 

Overview

This On-Demand course is a perfect introduction to the RSA NetWitness Orchestrator toolbox. Understand the role of RSA NetWitness Orchestrator for bridging NetWitness and third-party SOC tools, and get started using and building incident response playbooks that consist of automated and hands-on actions.

 

Audience

All NetWitness users/admins

 

Delivery Type

On-Demand Learning (self-paced eLearning)

 

Duration

90 minutes

 

Prerequisite Knowledge/Skills

None

 

Learning Objectives

Upon successful completion of this course, participants should be able to:

  • Describe the role of RSA NetWitness Orchestrator
  • Describe the range of actions available for a playbook
  • Execute an existing playbook
  • Configure integration with RSA and third-party tools
  • Customize a simple playbook for incident response

 

Course Outline

Overview of RSA NetWitness Platform
What is RSA NetWitness Orchestrator?

  • Orchestration
    • Integration examples (NW, open source, Slack)
    • Alert ingestion
    • Alert mapping
    • Playbooks and actions
  • Automation and machine learning
    • Improves after each incident (DBot)

Run a playbook

  • Open Playbook Standard (COPS)
  • Automated actions
  • Non-automated actions

Create a playbook

  • Add task
  • Visual playbook editor
  • Handling loops and arrays

Configuration

  • Simple integration for 160+ tools
  • Custom integration example

 

 

 

 

 
