RSA Netwitness Logs & Network Analysis

Use the features and functions of RSA NetWitness Platform to to respond to and investigate incidents.

This course helps the students to use the features and functions of RSA NetWitness Platform to to respond to and investigate incidents. This course is for Level 1 and Level 2 analysts relatively new to RSA NetWitness Platform, who wish to increase their familiarity with the tool’s features and functions within the context of incident response and analysis. Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events. Students should have taken the Foundation course prior to this course.

What you’ll learn

  • Use the features and functions of RSA NetWitness Platform to to respond to and investigate incidents..

Course Content

  • Introduction –> 5 lectures • 32min.
  • Analyzing Logs and Networks –> 4 lectures • 43min.

RSA Netwitness Logs & Network Analysis

Requirements

  • Fmiliarity with the basic processes of cybersecurity forensic analysis.
  • Knowledge of network architecture.
  • Knowledge of TCP/IP Stack.
  • Knowledge of integrating log & network traffic to perform analysis on network-based security events.

This course helps the students to use the features and functions of RSA NetWitness Platform to to respond to and investigate incidents. This course is for Level 1 and Level 2 analysts relatively new to RSA NetWitness Platform, who wish to increase their familiarity with the tool’s features and functions within the context of incident response and analysis. Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events. Students should have taken the Foundation course prior to this course.

Upon successful completion of this course, participants should be able to:

  • Describe SOC roles and models
  • Describe the Investigative Methodology
  • Identify types of incidents
  • Describe the Incident Response process
  • Use analysis tools and techniques to investigate an incident
  • Document the incident
  • Use the incident response process and tools to investigate an incident using packets
  • Use the incident response process and tools to investigate an incident using logs
  • Use the incident response process and tools to investigate an incident using packets and endpoint
  • Use the incident response process and tools to investigate an incident using logs, packets and endpoint