RSA NetWitness Analysis

This course provides a roadmap for adopting Intelligence-Driven Information Security, following the model outlined in the article, 'Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security,' a 2012 publication of the Security for Business Innovation Council. RSA NetWitness is used to illustrate the key steps that are critical for incident identification and response. To practice the concepts presented, you will use RSA NetWitness Investigator and Informer extensively in the hands-on labs.

Skills Gained

  • Security challenges facing companies today
  • Intelligence-Driven Roadmap process
  • RSA NetWitness components and architecture
  • Access source data through RSA NetWitness Live Manager
  • Apply a defined process to your investigations
  • Differentiate between short-term and long-term strategies for mitigating risk
  • Share intelligence using RSA NetWitness
  • Articulate the benefits of various modes of presentation
  • Present data using RSA NetWitness Informer
  • Address future challenges and improve response

Who Can Benefit

Security analysts with less than six months of industry experience, who are new to RSA NetWitness and are responsible for incident identification and response.

Prerequisites

  • Background in enterprise data networking and communications is required
  • Familiarity with basic computer architecture, data networking fundamentals, and general information security concepts
  • Programming language experience
  • Basic knowledge of the TCP/IP protocol stack

Syllabus

1. Threat Landscape

  • Security Challenges
  • Changing the Security Mindset
  • Intelligence-Driven Roadmap
  • RSA NetWitness
  • RSA NetWitness Investigator

2. Role of the Analyst

  • Network Security Analyst
  • Three Typical Use Cases
  • Developing an Analysis Model
  • Full Packet Capture
  • Covert Channels
  • Actionable Intelligence
  • RSA NetWitness Investigator

3. Developing Sources

  • Defining and Refining Sources
  • Accessing Source Data Using LIVE Subscriptions
  • Accessing Source Data Using Custom Feeds
  • Creating Feeds that Use New Metadata
  • Accessing Log Data Using RSA NetWitness for Logs
  • Accessing RSA NetWitness Spectrum Data
  • RSA NetWitness Live! and RSA NetWitness for Logs

4. Defining a Process

  • Defining a Methodology
  • Collecting Evidence
  • Screening the Data
  • Performing Analysis
  • Communicating Results
  • RSA NetWitness Investigator

5. Making Risk Decisions/Taking Action

  • Assigning Risk: The Analyst's Role
  • Short Term (Crisis Management): IoC
  • Long Term (Business Continuity): APT
  • Take Action: Informing the Enterprise
  • RSA Community
  • Sharing Intelligence and Sources
  • RSA NetWitness Investigator and RSA NetWitness Informer

6. Automation

  • Areas of Automation
  • Alerting and Reporting
  • Presenting Evidence
  • RSA NetWitness Informer

7. Future-Proofing the Enterprise

  • Evolving Enterprise Security
  • Continuous Monitoring
  • Securing the Cloud
  • Accepting the Challenge

8. Security Analytics 10 Technical

  • Architecture
  • Warehouse
  • User Interface
  • Licensing
  • Report Engine
  • Alerting
  • Log Collector Services

9. Capstone Project

  • You are presented with various use cases that require you to determine what types of information and data elements to look for to identify traffic that fits the use case, determine how best to examine the traffic, and create any filters and reports necessary to resolve or communicate concerns.
  • You will present your findings to the rest of the class, justifying your process and results.

Lab 1: Basic Analysis Using Investigator

Lab 2: Investigate Security Policy Incidents

Lab 3: Access Resources Using Live Manager, Create Custom Feeds and Filters, and Access Log Data for Analysis

Lab 4: Create Rules and Feeds that Use New Metadata to Screen Data for Analysis

Lab 5: Scenario to Determine the Risk Level with a Packet Capture and Make a Recommendation

Lab 6: Generating Informer Reports

  • Duration: 4 days
  • Certified by: RSA
