Class begins 9AM GMT and ends 5PM GMT
This course provides recommended methodologies for creating content to assist you in discovering, analyzing and resolving threats in RSA NetWitness Platform. Students will benefit from both lecture and hands-on lab exercises using a virtual environment to practice the techniques learned in class.
Student should have completed or have comparable knowledge to what is provided in the following course:
RSA NetWitness Platform Foundations
Upon successful completion of this course, participants should be able to:
- Identify what content to use when
- Describe the data model and process flow
- Describe how to optimize content for performance and results
- Monitor the performance of parsers
- Create content for specific use cases
- Create content from LIVE and other sources, such as STIX feeds
- Create content using a recommended process
- Create an alert taxonomy
- Use reports to test the efficacy of rules
- Create content for current threats
- Whitelist normal traffic and false positives
Click HERE to register for this training event.
If you have any questions please click HERE.