RSA NetWitness Platform Analysis Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

The RSA NetWitness Platform Analysis training course provides experience using the features and functions of RSA NetWitness Platform to respond to and investigate security incidents. This course provides hands-on experience using the RSA NetWitness Platform to investigate and document security incidents. The course consists of about 50% hands-on lab work, following a practical methodology from the incident queue through investigation, event reconstruction, damage assessment, and documentation using real-world use cases.

By attending RSA NetWitness Platform Analysis workshop, delegates will learn to:

Identify Analyst roles and SOC models
Describe incident types and methods to prioritize incidents
Describe the Incident Response process
Use analysis tools and interfaces to perform incident response
Describe the Investigative Methodology
Describe a systematic approach to investigate metadata
Describe the Investigation Model
Identify types of threats
Use the incident response process, the investigative methodology and tools to investigate multiple use cases using packets, logs and endpoint

Familiarity with the basic processes of cybersecurity analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events.
Attend RSA NetWitness Platform Foundations training or equivalent knowledge

This RSA NetWitness Platform Analysis class is suitable for Level 1 and Level 2 analysts relatively new to RSA NetWitness Platform, who wish to increase their familiarity with the tool’s features and functions within the context of incident response and analysis.

Analysis Tools and Processes

Security Operations models

Security Operations Roles
SOC Models
Escalation Workflow

Incident Response Process
Incident Response Tools

Monitoring the Respond Interface
Assigning an Incident
Reviewing Threat Intelligence
Obtaining Event Details
Reviewing Logs
What Should You Look For?
Obtaining Additional Information
Performing Analysis
Investigating Events
Creating Meta Groups, Queries, Query Profiles,Custom Column Groups, and Profiles
Viewing Encrypted Traffic
Documenting the Incident
Closing/Escalating/Remediating the Incident
Analysis Methodology

Investigating Metadata

Investigative Methodology

Asking the Right Questions
Phase 1: Triage
Phase 2: Root Cause Analysis
Phase 3: Scoping Operations
Incident Types
Incident Response Process
Prioritizing Incidents

NetWitness Metadata

Layered Contextual Approach
Traffic Directionality
Network Layer Context Meta
Endpoint Process Meta
Endpoint Registry Meta
Endpoint Network-Process Meta
Windows Security Event Log Meta
Meta Groups
Compromise Meta
Session, Service and File Characteristics

Threat Examples

Phishing
Malware
Lateral Movement
Webshells
Command Control
Data Exfiltration

Analysis Use Cases

Responding to a Phishing incident using Packets
Responding to a Suspicious Activities incident using Logs
Responding to a Drive-by Download incident using Packets and Endpoint
Responding to an Apache Struts Exploit incident using Packets, Logs and Endpoint

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

RSA NetWitness - Platform Analysis

COURSE AGENDA

Analysis Tools and Processes

Investigating Metadata

Analysis Use Cases

Encarta Labs Advantage