This on-demand learning presents a recommended approach to learning EPL syntax and writing EPL rules to detect threats.
This on-demand learning identifies a best-practice strategy for creating EPL rules as well as for learning the EPL rule syntax. It uses examples and use cases to illustrate EPL rule concepts, such as streams, constructs, data windows, and time constraints.
This course is intended for anyone interested in using RSA Security Analytics Event Stream Analysis to create EPL rules to help identify suspicious activity.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
Introduction to the RSA NetWitness Platform
RSA NetWitness Platform ESA Fundamentals
RSA NetWitness Platform Foundations
Upon successful completion of this course, participants should be able to:
Describe the Esper engine and EPL
Describe EPL Rule Types
Describe data windows
Describe how time is calculated
Describe single-value and multi-value meta keys
Describe a recommended process for designing and writing EPL rules
Describe EPL syntax
Use the EPL Online Tool to design and test EPL rules