Prerequisites
To apply for the RSA NetWitness training, you should meet the following prerequisites:
- You should have a basic understanding of computer networking concepts like TCP/IP, DNS and firewalls
- You should have a basic understanding of operating systems like Windows & Linux
- You should have a basic understanding of security concepts like access control, encryption and authentication
- You should also be familiar with at least one programming language like Java, Ruby or Python.
Course Curriculum
Module 1: RSA NetWitness Fundamentals
In this module, we are going to explore the following concepts in detail:
- Introduction to RSA NetWitness Logs
- RSA NetWitness Logs architecture
- RSA NetWitness Logs Data flow
- Log Deployment scenarios
- Data sources
- RSA NetWitness Logs user interface
- Customizing the interface
Module 2: Configuring RSA NetWitness Logs
In this module, you are going to learn about configuring RSA NetWitness Logs.
- Administration Module Overview
- Configuring services, Live, files, event stream analysis, incident management, etc.
- Configuring the Reporting Engine
- Configuring the Archiver, the Context Hub, and data privacy
- Explain the licensing model
Module 3: Setting up data collection
In this module, we are going to explore how to set up data collection.
- Setting up event source monitoring and capturing for the log data.
- Troubleshooting event source collection and setting up collection for Syslog, File Reader, VMware, SDEE, SNMP, Windows, ODBC, CheckPoint, and NetFlow
- Validating data capture
- Configuring log collection
Module 4: Creating Compliance Reports
In this module, we are going to learn about creation of compliance reports such as:
- Reporting data sources
- Reporting components
- Role Based Access Control
- Creating Charts
- Creating compliance reports
- Deploying compliance reports from Live
Module 5: Metadata and basics of investigation
In this section, we are going to cover the basics of investigation such as:
- Metadata, and the key differences between packets, logs, data and metadata
- Customizing the investigation screens
- Viewing reconstructed events
- How to write simple and complex queries
- Describing the purpose of meta key indexing
- Customizing data and metadata displays
- Creating data visualizations of RSA NetWitness Logs and Packets
- Creating meta groups
- Creating custom column groups
- Using complex queries, drills and views to perform investigations.
Module 6: Filtering the data sets
In this module, we are going to learn about how to filter the datasets easily.
- Filtering data with rules
- Metadata Taxonomy concept
- Describing how parsers populate meta keys
- Using alerts and metadata to investigate potential threats
- Using Application rules to create new meta
- Using Correlation rules to create new meta
- Deploying content from RSA Live to create new meta
- Determining the cause of an incident
Module 7: Creating Log parsers
In this module, we are going to learn about the creation of log parsers:
- The meta framework
- Introduction to parsers
- Creating a log parser using ESI
- Deploy a log parser
- Debugging log parsers
Module 8: RSA NetWitness Swarm
Module 9: Conclusion
- Summarize all the points discussed.