This training provides hands-on experience using the RSA NetWitness Platform to investigate and document security incidents. The course consists of about 50% hands-on lab work, following a practical methodology from the incident queue through investigation, event reconstruction, damage assessment, and documentation using real-world use cases.
Students should be familiar with the basic processes of cybersecurity analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log and network traffic to perform analysis on network-based security events.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
- RSA NetWitness Platform Foundations
Upon successful completion of this course, participants should be able to:
- Identify Analyst roles and SOC models
- Describe incident types and methods to prioritize incidents
- Describe the Incident Response process
- Use analysis tools and interfaces to perform incident response
- Describe the Investigative Methodology
- Describe a systematic approach to investigate metadata
- Describe the Investigation Model
- Identify types of threats
- Use the incident response process, the investigative methodology and tools to investigate multiple use cases using packets, logs and endpoint