This classroom training provides hands-on experience using the RSA NetWitness Platform to investigate and document security incidents. The course consists of about 50% hands-on lab work, following a practical methodology from the incident queue through investigation, event reconstruction, damage assessment, and documentation using real-world use cases.
Students should have familiarity with the basic processes of cybersecurity analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events.
Students should have completed the following courses (or have equivalent knowledge) prior to taking this training:
RSA NetWitness Platform Foundations
Upon successful completion of this course, participants should be able to:
Identify Analyst roles and SOC models
Describe incident types and methods to prioritize incidents
Describe the Incident Response process
Use analysis tools and interfaces to perform incident response
Describe the Investigative Methodology
Describe a systematic approach to investigate metadata
Describe the Investigation Model
Identify types of threats
Use the incident response process, the investigative methodology and tools to investigate multiple use cases using packets, logs and endpoint.