RSA NetWitness Logs and Packets Training
RSA NetWitness Logs and Packets Training Introduction:
RSA NetWitness Logs and Packets captures and enriches full network packet data alongside other data types, such as logs, NetFlow and endpoint data. Because it captures full network packets, an attack can be reconstructed to understand its full scope and, in turn, an effective remediation plan can be implemented to stop the attacker from achieving their objective.
With Global Online Trainings, the RSA NetWitness Logs and Packets online course is coordinated by leading industry experts, and the RSA NetWitness Logs and Packets tutorial is prepared with the latest industry updates to give participants professional insight into each module. To know more about this online training course, contact the Global Online Trainings helpdesk today.
RSA NetWitness Logs and Packets Online Training Course Content:
TOPIC 1: Overview of RSA NetWitness Logs and Packets Training
- What is RSA NetWitness Logs and Packets?
- Architecture of RSA NetWitness Logs and Packets
- Supported data sources
- Key features and functions
- Customizing the user interface
TOPIC 2: Basics of Investigation
- What is metadata?
- Differentiating between the packets and logs
- Differentiating between data and metadata
- Customizing the investigation screens
- Viewing reconstructed events
- Writing simple and complex queries
- Describing the purpose of meta key indexing
- Customizing data and metadata displays
- Creating data visualizations
- Creating meta groups
- Creating custom column groups
- Using complex queries, drills and views to perform investigations
TOPIC 3: Refining the Dataset
- Filtering data with rules
- Metadata taxonomy concepts
- Using Application rules to create new meta
- Using Correlation rules to create new meta
- Deploying content from RSA Live to create new meta
- Describing how parsers populate meta keys
- Using alerts and metadata to investigate potential threats
- Determining the cause of an incident
TOPIC 4: Reporting and Alerting
- Creating reports
- Creating alerts to identify future threats
- Creating ESA alerts
- Managing incidents
- Creating incidents
Architecture of RSA NetWitness Logs and Packets:
- The RSA NetWitness Logs and Packets architecture is designed so that customers get security insight in real time when detecting and investigating incidents.
- As such, at capture time, data sources are sessionized and security-enriched at wire speed. Additionally, analytics such as behavior analysis are performed on the streams of data as they are captured in real time.
- This means that events are analyzed in real time, speeding up the detection of, and alerting on, anomalous activity.
- From an investigation perspective, retrieval and reconstruction of sessions is also accelerated because the raw data is parsed and indexed at capture time. This allows security analysts to retrieve the raw data quickly and reconstruct sessions.
- The RSA NetWitness Logs and Packets architecture consists of three functional components: capture, analysis and server. The architecture is modular, allowing agencies to scale the deployment based on capture or analysis performance requirements. RSA NetWitness Logs and Packets can be deployed in both physical and virtual environments.
After successful completion of this RSA NetWitness Logs and Packets Training, participants should be able to:
- Describe the architecture of RSA NetWitness Logs and Packets, its components and their functions
- Describe how the metadata is created
- Differentiate between the meta keys, meta values and meta data
- Investigate data using simple and complex queries
- Customize the investigation display
- Filter data using rules
- Create new meta values using Application and Correlation rules and RSA Live content
- Create alerts using ESA and reporting rules to track potential threats
- Create and manage incidents
NETWORK MONITORING AND FORENSICS:
Because RSA NetWitness Logs and Packets captures full network packets alongside logs, NetFlow and endpoint data, an attack can be reconstructed in full and an effective remediation plan put in place. Each data type is processed at time of capture as follows:
Data enrichment – Associates normalized, intuitive metadata with the raw data so the security analyst can focus on the security investigation instead of data interpretation.
Apply threat intelligence – Threat intelligence is applied and correlated to the raw data at time of capture to quickly identify sophisticated attacks early.
Parse and Sessionize Raw Packet Data – Raw packet data is parsed and sessionized at capture time so it’s faster to retrieve and reconstruct the event during an investigation.
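The three capture-time steps above (sessionize, populate meta, correlate with threat intelligence) as a small added illustration in Python; this is not code from the course or the product, the packet records and intel feed are constructed, and the meta key names and the `analyze` pipeline are illustrative choices rather than the product's own schema:

```python
from collections import OrderedDict

# Constructed threat-intel feed: hypothetical indicators, not real ones.
THREAT_INTEL = {
    "alias.host": {"bad-example.invalid": "apt-domain"},
    "ip.dst": {"203.0.113.9": "malicious-network"},
}

# Constructed packet records: (ts, src_ip, src_port, dst_ip, dst_port, proto, payload).
PACKETS = [
    (1.0, "10.0.0.5", 51000, "198.51.100.7", 80, "tcp",
     b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (1.1, "198.51.100.7", 80, "10.0.0.5", 51000, "tcp", b"HTTP/1.1 200 OK\r\n\r\n"),
    (2.0, "10.0.0.5", 51001, "203.0.113.9", 80, "tcp",
     b"GET /x HTTP/1.1\r\nHost: bad-example.invalid\r\n\r\n"),
    (2.2, "10.0.0.5", 51002, "192.0.2.4", 53, "udp", b"\x12\x34\x01\x00"),
]

SERVICES = {80: "HTTP", 53: "DNS"}  # illustrative port-to-service mapping

def flow_key(pkt):
    """Direction-independent 5-tuple so both halves of a conversation share one session."""
    _, sip, sport, dip, dport, proto, _ = pkt
    ends = sorted([(sip, sport), (dip, dport)])
    return (proto, ends[0], ends[1])

def sessionize(packets):
    """Group packets into sessions in arrival order, as a decoder does at capture time."""
    sessions = OrderedDict()
    for pkt in packets:
        sessions.setdefault(flow_key(pkt), []).append(pkt)
    return list(sessions.values())

def parse_meta(session):
    """Populate meta keys from the first (client-side) packet and its payload.
    Key names are illustrative (assumed), not taken from the product's schema."""
    _, sip, _, dip, dport, _, payload = session[0]
    meta = {"ip.src": sip, "ip.dst": dip, "service": SERVICES.get(dport, "OTHER")}
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            meta["alias.host"] = line.split(b":", 1)[1].strip().decode("ascii", "replace")
    return meta

def enrich(meta, intel=THREAT_INTEL):
    """Correlate parsed meta against the intel feed; add a risk meta key on a match."""
    hits = [intel[k][meta[k]] for k in intel if k in meta and meta[k] in intel[k]]
    if hits:
        meta["threat.category"] = sorted(set(hits))
    return meta

def analyze(packets):
    """Capture-time pipeline: sessionize -> parse meta -> apply threat intelligence."""
    return [enrich(parse_meta(s)) for s in sessionize(packets)]
```

Running `analyze(PACKETS)` yields one meta record per session; only the second session, whose Host header and destination IP both match the constructed feed, carries a `threat.category` value an analyst could pivot on.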
Overview of RSA NetWitness Logs and Packets Training:
- Security teams need to evolve to stay in front of attackers and the latest threats, but in recent years this has become much more difficult.
- Attackers continue to advance and use sophisticated techniques to infiltrate organizations which no longer have well defined perimeters.
- Attackers spend significant resources performing reconnaissance to learn about organizations and develop techniques specifically designed to bypass the security tools being used.
- The sophistication of threat actors and the expanding attack surface make it nearly impossible for security teams to discover and understand compromises quickly enough to respond before they impact the business.
- RSA NetWitness Logs and Packets Training provides pervasive visibility with advanced analytics – including real-time behavior analytics – to detect and investigate sophisticated attacks. Visibility is provided across:
Data Sources – Full Packet Capture, NetFlow, Logs & Endpoint
Threat Vectors – Endpoint, Network and Cloud
The unique architecture of RSA NetWitness Logs and Packets captures and enriches data sources with security context in real time. Additionally, threat intelligence is applied to the enriched data to identify high-risk indicators such as APT domains, suspicious proxies or malicious networks. This method of processing large data sources in real time gives analysts security insight into their entire environment, from on-premises to cloud. This means that security analysts can investigate the attacker at each stage of the cyber kill chain as follows:
Delivery – Targeted e-mail attachment, embedded links
Exploitation – Opening of the targeted malware on the endpoint, installation and hooking into the system
Action – Data exfiltration, lateral movement, disruption
The attacker's actions are fully reconstructed with RSA NetWitness Logs and Packets, which helps the security operations team put an effective remediation plan in place.