EncartaLabs

RSA enVision Administration

The RSA enVision Administration - Essentials training course provides an overview of the RSA enVision product including functions and data flows. Delegates learn the essentials of data collection, event management, alerting, and reporting. The RSA enVision Administration course provides practice creating views, queries, correlated alerts, and reports as well as watchlists and event traces. Additionally, exercises explore how to create and deploy event-source support files for unknown devices using the Event Source Integrator (ESI) tool, thereby extending the compliance and security capabilities provided by enVision.

The RSA enVision Administration - Advanced training course provides in-depth coverage of specific enVision topics in the areas of data collection, reports, alerts, and Event Explorer. Delegates learn to configure enVision to collect data from non-syslog collection methodologies. This course provides best practices for reports and alerts and practice using advanced reporting and alerting functions as well as creating advanced charts and tables in Event Explorer.

By attending the RSA enVision Administration - Essentials workshop, delegates will learn to:

  • Explain the basic enVision data flows
  • Describe how to collect data from event sources and configure enVision
  • Create users
  • View data in real time and from an historical perspective
  • Create queries and various types of reports
  • Create and manage dashboard reports
  • Create alerts and correlated rules
  • Describe how to set up an Enterprise Dashboard
  • Create a watchlist
  • Manage vulnerabilities and assets
  • Describe how to back up data and obtain content updates
  • Create and manage incidents
  • Investigate incidents using Event Traces
  • Describe the event-source-integration process
  • Identify collection methods for different types of logs
  • Extract events from an unknown event source
  • Describe the EventSource Integrator (ESI) tool

By attending the RSA enVision Administration - Advanced workshop, delegates will be able to:

  • Describe the enVision collection process, including troubleshooting techniques
  • Describe various collection methodologies
  • Configure enVision to collect data from non-syslog event sources
  • Describe how to troubleshoot collection issues
  • Describe best practices for reports and alerts
  • Identify how to set up a security policy for reporting
  • Create reports that support the security policy
  • Identify how to plan a strategy for alerting
  • Create alerts using multithreading, cache variables, thresholds, and severity levels
  • Extract data in Event Explorer using charts and tables
  • Identify best practices for charts and tables
  • Describe Event Trace data stores
  • Create charts using SQL in Event Explorer

PREREQUISITES

  • A functional knowledge of computer operations and networking fundamentals.

TARGET AUDIENCE

System, security, or help desk personnel who need to administer the RSA enVision product.

Customers and partners who need to administer the RSA enVision product.

COURSE AGENDA

RSA enVision Administration - Essentials
(Duration: 5 Days)

1. RSA enVision Overview

  • Description and functions of the RSA enVision product and its primary components
  • Description of the operational data flows
  • Discussion of services

2. enVision Configuration and Data Collection

  • Brief description and tour of the user interface for management functions
  • Management of monitored devices and assets
  • Creation of users

3. Monitoring Event Data

  • Use of the Event Viewer to view real-time data
  • Use of the Query function to define and refine data-retrieval parameters

4. Reporting

  • Discussion of the use of RSA enVision to monitor and retrieve historical data for use in compliance and policy reporting
  • Report creation and scheduling
  • Report customization
  • Dashboard reports

5. Alerting

  • Discussion of correlating certain events to trigger an alert
  • Creation of basic and correlated Alerts

6. Enterprise Dashboard

  • Introduction of the Enterprise Dashboard function and how to manage the Dashboard layout

7. Watchlists

  • Use of the Watchlist function to filter events for alerting and reporting purposes

8. Vulnerability and Asset Management

  • Description of the Vulnerability and Asset Management functionality, which leverages information about enterprise assets and known vulnerabilities in conjunction with intrusion detection systems (IDS)

9. enVision Maintenance

  • Description of backup and restore methodologies and recommendations
  • Description of event-source updates

10. Incident Handling

  • Introduction of the enVision Event Explorer feature to retrieve and analyze data
  • Use of Incident Management functionality to create, view, and refine incidents
  • Use of Event Traces for incident investigation

11. Principles of Logging

  • Differentiate between events and log messages
  • Describe how log messages are organized
  • Describe how the syslog protocol is used in enVision
  • Identify the structure of support files

12. Log Collection Methods and Formats

  • List enVision’s alternative log-collection methods
  • Identify when to use a particular collection service
  • Outline the process to set up an alternative collection service
  • Extract log files

13. Creating Support Files

  • Describe the EventSource Integrator (ESI)
  • Identify how headers and payloads are defined in ESI
  • Create support files for an unknown event source
  • Create and deploy the event source package
  • Test the event source integration

RSA enVision Administration - Advanced
(Duration: 5 Days)

1. Configuring Data Collection

  • enVision Collection process
  • Tips and techniques for troubleshooting the Collection process
  • LEA Collection Service configuration and troubleshooting
  • SDEE Collection Service configuration and troubleshooting
  • File Reader Collection Service configuration and troubleshooting
  • Windows Collection Service configuration and troubleshooting
  • Agentless Windows Collection configuration and troubleshooting
  • ODBC Collection Service configuration and troubleshooting
  • SNMP Collection Service configuration and troubleshooting
  • VMware Collector

2. Advanced Reporting

  • Security-management reporting strategy
  • Best practices for reports
  • Report performance enhancements
  • Troubleshooting reports

3. Advanced Alerting

  • Alert strategy planning
  • Best practices for alerts
  • Rule-creation process
  • Advanced alerting techniques
  • Debugging correlation rules

4. Extracting Data Using Event Explorer

  • Exploring taxonomy in Event Explorer
  • Best practices for charts and tables
  • Event trace storage
  • Advanced charting using SQL
  • Data extraction using drill down and data points
  • Extracting data using advanced tables
  • Chart dashboard

Encarta Labs Advantage

  • One-stop corporate training solution provider for over 4,000 modules on a variety of subjects
  • All courses are delivered by industry veterans
  • Get jumpstarted from newbie to production-ready in a matter of a few days
  • Trained more than 50,000 corporate executives across the globe
  • All our training courses are conducted in workshop mode, with a focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us to have this course delivered as a public/open-house workshop for a group of 10+ candidates at our venue.