RSA NetWitness Platform Introduction to Hunting

Document created by Matthew Bradley Employee on Oct 3, 2018
Version 1

Schedule & Register

Schedule Only 

 

 

In order to register for a class, you need to first create an EMC account

If you need further assistance, contact us

 

Overview

This classroom-based course provides an overview of threat hunting and covers the hunting tools, content and methodologies that can be used to proactively find suspicious behavior. Students will apply the techniques acquired in this course to identify anomalies and find threats in the environment using Packets, Logs and Endpoint.

 

 

Audience

All (customers, partners, internals)

 

Duration

2 days (ILT)

 

Prerequisite Knowledge/Skills

Students should have the following skills or have taken the following training prior to attending this course:

• Introduction to the RSA NetWitness Platform

• RSA NetWitness Logs & Network Foundations

• RSA NetWitness Logs & Network Analysis

 

Course Objectives

Upon successful completion of this course, participants should be able to:

• Describe threat hunting and Incident Response roles

• Describe the Hunting Guide

• Describe the Hunting Methodology

• Describe the Hunting Pack meta

• Describe RSA NetWitness Platform hunting tools

• Identify protocol/service anomalies

• Identify indicators of malicious traffic

• Use hunting techniques, methodology and tools to detect threats

• Respond to incidents

• Report findings

 

Course Outline

What is threat hunting?

Investigation Model

NetWitness Hunting Guide

Hunting Methodology

NetWitness Hunting Pack

Hunting tools

Identifying protocol anomalies

Indicators of Compromise

Attack characteristics

Creating a security incident report

Hunting for threats


 

 

 

 

 
