This Live Instructor-Led course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Logs & Network. Students will benefit from both lecture and hands-on lab exercises using their own virtual environment to practice the techniques learned in class.
Students should have completed, or have knowledge comparable to, the following course: RSA NetWitness Logs & Network Foundations.
Upon successful completion of this course, participants should be able to:
- Describe content types and identify how and when to use each content type
- Optimize content for performance and functionality
- Describe how index settings affect content
- Edit index settings to maximize results
- Identify how to use Live content to address specific needs
- Describe how to deploy and use the Hunting Pack
- Describe methodologies for creating content
- Create a taxonomy for rules and reports
- Describe how to find and use malicious data in content creation
- Create reports to verify efficacy of content
- Use techniques and methodologies to automate threat detection
- Validate results and refine your approach accordingly