The RSA NetWitness Platform Foundations training course focuses on the core features and functions of the RSA NetWitness Platform for Administrators and Analysts. This course provides a foundational overview of the core components of RSA NetWitness Platform. You will gain insight into the core concepts, uses, functions and features and also gain practical experience by performing a series of hands-on labs.
By attending RSA NetWitness Platform Foundations workshop, delegates will learn to:
- Describe the RSA NetWitness Platform architecture and data flow
- Describe the platform’s core components and functions
- Navigate and customize the user interface
- Describe how metadata is created and stored
- Describe parsing and indexing concepts
- Differentiate between meta keys, meta values, and sessions/events
- Use event views to perform simple analysis
- Investigate data using queries, pivots and drill points
- Describe data filtering techniques
- Create new meta values using rules and feeds
- Deploy LIVE content
- Describe the concept of data correlation and the use of ESA
- Describe Reporting Engine basics
- Generate alerts with ESA and the Reporting Engine
- Create and manage incidents in the RESPOND Module
- Describe Endpoint Insights features and functions
- Configure the Endpoint Insights Agent and view Endpoint data
- Describe the role of UEBA
- Describe Orchestrator concepts
Familiar with basic Computer Architecture, Networking Fundamentals and General Information Security Concepts. Basic knowledge of the TCP/IP protocol stack is beneficial.
This RSA NetWitness Platform Foundations class is ideal for Anyone new to RSA NetWitness Platform.