Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

RSA NetWitness - Endpoint Foundations

( Duration: 2 Days )

The RSA NetWitness Endpoint Foundations training course introduces security analysts and administrators to the architecture and toolkit for detecting and investigating risk on endpoint hosts. This course provides a general introduction to RSA NetWitness Endpoint analysis.

By attending RSA NetWitness Endpoint Foundations workshop, delegates will learn to:

  • Describe what RSA NetWitness Endpoint is and what it does
  • Identify architecture components
  • Deploy a new endpoint agent
  • Interpret risk scores and alerts based on endpoint data
  • Explore metadata derived from endpoint scans
  • Customize data types available in user interface
  • Perform basic file and host analysis
  • Obtain file and memory samples for forensic analysis
  • Identify potentially malicious timestamp mismatches in MFT files

Basic knowledge of Malware, Networking Fundamentals and General Security Analysis Concepts is recommended.

This RSA NetWitness Endpoint Foundations class is intended for anyone new to RSA NetWitness Endpoint who wants to become familiar with the tool's features and functions in the context of endpoint investigation and analysis.

COURSE AGENDA

1. Introduction

  • What is RSA NetWitness Platform?
  • What is RSA NetWitness Endpoint?
  • Flagging and Remediation options
  • What is a File?
  • Component Overview
  • Typical Responsibilities
  • Interface Modules
  • RSA Live Content

2. Architecture

  • Overview of Component Complexity
  • High-level Data Flow
  • Seeing NetWitness Hosts and Services in Interface

3. Endpoint Agents, Hosts, and Scans

  • Insights vs. Advanced Agents
  • Agent deployment and uninstallation
  • Host view
  • Scheduled and On-Demand Scans
  • Policies, Groups, and Ranks

4. Risk Scores and Metadata

  • Host and File Risk Scores
  • Viewing & Interpreting Metadata

5. Files and Libraries

  • File viewing and filtering
  • Global vs. Local views
  • Customize display
  • File status
  • Export global files
  • Reset risk view
  • Certificate view
  • Libraries

6. Processes, Autoruns & Anomalies

  • Compare Files vs. Processes
  • Processes tree view
  • What are autoruns and anomalies?

7. Alerts and Incidents

  • Compare Incidents vs. Alerts
  • The Role of Respond
  • Create incidents manually
  • Assign Incident to Analyst

8. Malicious Behavior & App Rules

  • Threat Models
  • Techniques Detected By App Rules

9. Forensic Samples

  • Sample types
  • MFT download and Viewer
  • Timestomping Detection
  • Full System Dump
  • Process Dump

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
