This instructor-led classroom-based course provides hands-on experience using the RSA NetWitness Logs & Network tool to identify, investigate and remediate network-based security breaches on your enterprise network. The course consists of about 75% hands-on lab work, following practical use cases from the identification and investigation stages through event reconstruction, damage assessment, and remediation.
This course is intended for SOC analysts who are relatively new to RSA NetWitness Logs & Network and who wish to increase their familiarity with the tool’s features and functions within the context of SOC breach investigation and analysis.
Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training: RSA NetWitness Logs & Network Foundations
Upon successful completion of this course, participants should be able to:
- Build dynamic dashboards to monitor network alerts
- Create alerts to populate dashboards
- Create alerts to populate meta keys
- Use investigation and event reconstruction techniques to reconstruct breach events
- Create reports to consolidate alerts across a configurable time period
- Create alerts to generate incidents in the Incident Queue
- Assign, document, and remediate incidents from within the Incident Queue
- Identify, reconstruct, and remediate four sample use cases within the student laboratory SOC environment