RSA Netwitness
RSA Netwitness Training is designed to learn fundamentals of RSA Netwitness Logs and Packets, Tools that can be used to monitor RSA NetWitness components, Using complex queries, drills and views to perform investigations, How to Create new meta values using Application and Correlation rules and RSA Live content. This course also provides on Architecture of RSA NetWitness, Creating Decoder filters, Setting up Informer to communicate with SIEM products, Using alerts and metadata to investigate potential threats, Viewing alerts in Incident Management and etc.
Duration: 30hrs
Course Content:
- What is RSA NetWitness Logs
- RSA NetWitness Logs architecture
- RSA NetWitness Logs Data flow
- Log Deployment scenarios
- Data sources
- RSA NetWitness Logs user interface
- Customizing the interface
- Administration Module Overview
- Configuring services
- Configuring Live
- Configuration files
- Configuring Event Stream Analysis (ESA)
- Configuring Incident Management
- Configuring the Reporting Engine
- Configuring the Archiver
- Configure the Context Hub
- Explain the licensing model
- Configuring Data Privacy
- Setting up capture for log data
- Setting up event source monitoring
- Troubleshooting event source collection
- Setting up collection for:
- Syslog
- File Reader
- VMware
- SDEE
- SNMP
- Windows
- ODBC
- Check Point
- NetFlow
- Validating data capture
- Configuring log collection
Basics of Investigation
- What is metadata?
- Differentiating between the packets and logs
- Differentiating between data and metadata
- Customizing the investigation screens
- Viewing reconstructed events
- How to Write queries simple and complex
- Describing the purpose of meta key indexing
- Customizing data and meta data displays
- Creating data visualizations of RSA NetWitness Logs and Packets Training
- Creating meta groups
- Custom column groups Creation
- Using complex queries, drills and views to perform investigations
Creating Compliance Reports
- Reporting data sources
- Reporting components
- Role Based Access Control
- Creating Charts
- Creating compliance reports
- Deploying compliance reports from Live
Refining the Dataset
- Filtering data with rules
- Metadata Taxonomy concepts
- parsers populate meta keys Description
- Using alerts and metadata to investigate potential threats
- Using Application rules to create new meta
- Using Correlation rules to create new meta
- Deploying content from RSA Live to create new meta
- Determining the cause of an incident
- The meta framework
- Introduction to parsers
- Creating a log parser using ESI
- Deploy a log parser
- Debugging log parsers