This course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform. Students will benefit from both lecture and hands-on lab exercises using a virtual environment to practice the techniques learned in class.
Students should have completed, or have knowledge comparable to, the following course:
- RSA NetWitness Platform Foundations
Upon successful completion of this course, participants should be able to:
- Identify what content to use when
- Describe the data model and process flow
- Describe how to optimize content for performance and results
- Monitor the performance of parsers
- Create content for specific use cases
- Create content from LIVE and other sources, such as STIX feeds
- Create content using a recommended process
- Create an alert taxonomy
- Use reports to test the efficacy of rules
- Create content for current threats
- Whitelist normal traffic and false positives