This classroom-based training provides a general introduction to RSA NetWitness Endpoint analysis. Students will participate in both lecture and hands-on experience using the RSA NetWitness Endpoint Analytics tool. The course consists of about 50% hands-on lab work, using a virtual lab environment.
Recommended Prerequisite Knowledge/Skills
No prerequisite requirements but basic knowledge of malware, networking fundamentals and general security analysis concepts is recommended.
Upon successful completion of this training, participants should be able to:
- Describe what RSA NetWitness Endpoint is and what it does
- Identify architecture components
- Deploy a new endpoint agent
- Interpret risk scores and alerts based on endpoint data
- Explore metadata derived from endpoint scans
- Customize data types available in user interface
- Perform basic file and host analysis
- Obtain file and memory samples for forensic analysis
- Identify potentially malicious timestamp mismatches in MTF files
Click HERE to register for this training event.
If you have any questions please click HERE.