Menu Icon

Courses & certifications

RSA NetWitness Administration

In this course, you will focus on administration of the RSA NetWitness product. You will learn to install and configure RSA Net Witness components, including a Log Decoder, managing users, and creating filters and rules. You will also cover integration with other products, monitoring capabilities, and troubleshooting of common issues.

  • Skills Gained
  • Who Can Benefit
  • Prerequisites
  • Syllabus
RSA NetWitness component and data flows
Install RSA NetWitness software
Configure RSA NetWitness components
Set up packet and log capture
Set up LIVE feeds
Manage users
Create rules and filters
Integrate NetWitness with other products
Monitor RSA NetWitness
Troubleshoot RSA NetWitness
Who Can Benefit
RSA NetWitness administrators
Prerequisites
Familiarity with networking fundamentals and general information security concepts

1. RSA NetWitness

  • RSA NetWitness Architecture
  • RSA NetWitness Components
  • Data Flow between Components

2. Appliance Setup and Software Installation

  • RSA NetWitness Appliance Setup
  • RSA NetWitness Software Components

3. Configuring RSA NetWitness

  • Managing Services
  • Configuring and Managing Devices
  • Setting Up Data Collection of Packets and Logs
  • Viewing Packets and Logs in Investigator

4. RSA NetWitness Live

  • Configuring NetWitness Live Subscriptions
  • Managing a Live Feed

5. Managing Users

  • User Management Interface
  • User Groups and Roles
  • Creating Users and Groups
  • Viewing Groups and Roles
  • Configuring External Authentication
  • Editing User Settings
  • Informer Roles
  • Creating Informer Users

6. Creating Rules and Filters

  • Rules, Filters, Feeds and Parsers
  • Decoder Filters and Informer Rules
  • Best Practices for Creating Filters and Rules
  • Creating Decoder Filters
  • Creating Informer Rules and Alerts
  • Creating a Feed
  • Pushing a Rule to the Decoder
  • Reprocessing a Collection

7. Integrating RSA NetWitness with Other Products

  • NetWitness SIEM Link
  • Setting Up Informer to Communicate with SIEM Products
  • Connecting to HP ArcSight
  • RSA enVision Connector

8. Monitoring RSA NetWitness

  • Tools Used to Monitor RSA NetWitness Components
  • Configuring SNMP
  • Monitoring NetWitness Components for Performance and Efficiency
  • Tips and Best Practices for Tuning the Decoder, Concentrator, Broker, and Informer
  • Methods for Viewing and Modifying Logs

9. Troubleshooting RSA NetWitness

In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.

 RSA

  • Duration : 3 days
  • Certified by: RSA

In this course, you will focus on administration of the RSA NetWitness product. You will learn to install and configure RSA Net Witness components, including a Log Decoder, managing users, and creating filters and rules. You will also cover integration with other products, monitoring capabilities, and troubleshooting of common issues.

Worried about travel and Stay to our centers?

We can take care of that Find out more

+91 9741640001

info@rpsconsulting.in

Frequently Asked Questions

STAY CONNECTED

Students Certified

0167899

Keep me Updated

Get tips, latest Courses and Offers