This on-demand lab reviews the proper initial configuration steps and settings for RSA NetWitness Logs and Packets. Students are then presented with a sub-optimal environment, identify the “underperforming” modules, and fine-tune the environment.
This self-paced on-demand lab presents the proper initial configuration steps and settings for RSA NetWitness Logs and Packets. It describes an optimal configuration of RSA NetWitness Logs and Packets that allows for increased performance. Lab exercises provide students with the ability to practice what they have learned. To maximize the value of your learning experience, this course also includes access to RSA University’s virtual environment.
Audience: Anyone interested in tuning their RSA NetWitness Logs and Packets environment for optimal performance
Delivery Type: On-Demand Lab
Duration: 1 hour course and 2 hour lab
Note: RSA University’s on-demand lab environment is provided for 10 hours of overall practice time over a 14-day period.
Learning Objectives
Upon successful completion of this course, participants should be able to:
Install and configure RSA NetWitness Logs and Packets hardware
Perform initial configuration of RSA NetWitness Logs and Packets
Perform basic configuration checks
Course Outline
Module 1: Pre-Configuration Procedures
  Utilize a checklist of procedures
  Map out your environment before deploying RSA NetWitness Logs and Packets
  Understand the architecture and how it will affect the deployment
Module 2: Post Install Configuration
  Configure Proxy Server settings
  Create and configure an RSA Live account
  Check for software updates
  Configure Security Settings
Module 3: Deploy the Right Content
  Identify and deploy the proper parsers
  Determine and deploy the proper feeds
Module 4: Capture and Aggregation Settings
  Configure capture settings on both Decoders
  Configure aggregation settings on the Concentrator
  Add additional Log Collectors
Module 5: Utilize Filtering and Truncation
  Filter unnecessary data from your data set
  Describe the reasons for filtering
  Define data for filtering
  Identify types of filtering rules, including:
    o Berkeley Packet Filters
    o Network Rules
Module 6: Troubleshoot Investigation Queries
  Define the ways to query a data set
  Identify best practices when querying
  Illustrate an example of an effective query
Exercise 1: Where to Start?
  Searching for misplaced content
  Packet parsers and log decoders
  Basic correlation rules
  Mixed application rules
Exercise 2: Content Cleanup
  Saving custom content
  Deleting deployed content
  Deploying standard installation content
  Creating new customer content
  Removing out-dated content
  Clearing subscriptions
Exercise 3: System Review
  Reviewing needed parsers & feeds
  Cleaning up application rules
  Adding truncation rules as needed
  Final system check