RSA NetWitness Administration

( Duration: 3 Days )

The RSA NetWitness Administration training course focuses on administration of the RSA NetWitness product. This course provides an overview of RSA NetWitness, hands-on installation and configuration of components, including a Log Decoder, managing users, and creating filters and rules. Additionally, the course covers integration with other products, monitoring capabilities and troubleshooting of common issues.

By attending RSA NetWitness Administration workshop, Participants will learn to:

  • Describe RSA NetWitness component and data flows
  • Install RSA NetWitness software
  • Configure RSA NetWitness components
  • Set up packet and log capture
  • Set up LIVE feeds
  • Manage users
  • Create rules and filters
  • Monitor RSA NetWitness
  • Troubleshoot RSA NetWitness

  • Familiarity with networking fundamentals and general information security concepts
  • Familiarity with Linux

  • RSA NetWitness Administrators



RSA NetWitness Overview

  • RSA NetWitness architecture
  • RSA NetWitness components
  • Data flow between components

Appliance Setup and Software Installation

  • RSA NetWitness appliance setup
  • RSA NetWitness software components

Configuring RSA NetWitness

  • Managing Services
  • Configuring and Managing Devices
  • Setting up data collection of packets and logs
  • Viewing packets and logs in Investigator

RSA NetWitness Live

  • RSA NetWitness Live Overview
  • Configuring NetWitness Live subscriptions
  • Managing a Live feed

Managing Users

  • User management interface
  • User groups and roles
  • Creating users and groups
  • Viewing groups and roles
  • Configuring external authentication
  • Editing user settings
  • Informer roles
  • Creating Informer Users

Creating Rules and Filters

  • Rules, filters, feeds and parsers
  • Decoder filters and Informer rules
  • Best practices for creating filters and rules
  • Creating Decoder filters
  • Creating Informer rules and alerts
  • Creating a feed
  • Pushing a rule to the Decoder
  • Reprocessing a collection

Integrating RSA NetWitness with Other Products

  • NetWitness SIEM link
  • Setting up Informer to communicate with SIEM products
  • Connecting to HP ArcSight
  • The RSA enVision Connector

Monitoring RSA NetWitness

  • Tools that can be used to monitor RSA NetWitness components
  • Configuring SNMP
  • Monitoring NetWitness components for performance and efficiency
  • Tips and best practices for tuning the Decoder, Concentrator, Broker and Informer
  • Methods for viewing and modifying logs

Troubleshooting RSA NetWitness

  • Common problems
  • Investigating and resolving common problems
  • Troubleshooting tools

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop for a group of 10+ candidates at our venue