The RSA enVision Administration - Essentials training course provides an overview of the RSA enVision product including functions and data flows. Delegates learn the essentials of data collection, event management, alerting, and reporting. The RSA enVision Administration course provides practice creating views, queries, correlated alerts, and reports as well as watchlists and event traces. Additionally, exercises explore how to create and deploy event-source support files for unknown devices using the Event Source Integrator (ESI) tool, thereby extending the compliance and security capabilities provided by enVision.
The RSA enVision Administration - Advanced training course provides in-depth coverage of specific enVision topics in the areas of data collection, reports, alerts, and Event Explorer. Delegates learn to configure enVision to collect data from non-syslog collection methodologies. This course provides best practices for reports and alerts and practice using advanced reporting and alerting functions as well as creating advanced charts and tables in Event Explorer.
By attending RSA enVision Administration - Essentials workshop, Delegates will learn to:
- Explain the basic enVision data flows
- Describe how to collect data from event sources and configure enVision
- Create users
- View data in real time and from an historical perspective
- Create queries and various types of reports
- Create and manage dashboard reports
- Create alerts and correlated rules
- Describe how to set up an Enterprise Dashboard
- Create a watchlist
- Manage vulnerabilities and assets
- Describe how to back up data and obtain content updates
- Create and manage incidents
- Investigate incidents using Event Traces
- Describe the event-source-integration process
- Identify collection methods for different types of logs
- Extract events from an unknown event source
- Describe the EventSource Integrator (ESI) tool
By attending RSA envision Administration - Advanced workshop, Delegates will be able to:
- Describe the enVision collection process, including troubleshooting techniques
- Describe various collection methodologies
- Configure enVision to collect data from non-syslog event sources
- Describe how to troubleshoot collection issues
- Describe best practices for reports and alerts
- Identify how to set up a security policy for reporting
- Create reports that support the security policy
- Identify how to plan a strategy for alerting
- Create alerts using multithreading, cache variables, thresholds, and severity levels
- Extract data in Event Explorer using charts and tables
- Identify best practices for charts and tables
- Describe Event Trace data stores
- Create charts using SQL in Event Explorer
- A functional knowledge of computer operations and networking fundamentals.
System, security, or help desk personnel who need to administer the RSA enVision product.
Customers and Partners who need to administer the RSA enVision product.