RSA NetWitness Analyst II
This course is not currently offered by Global Knowledge. Information here is provided for reference only.
In this course, you will focus on content development. You will learn how to develop application rules for detection, create and use threat feeds to model environments, and identify known malicious systems. Informer is used to tie it all together to develop reports, charts, and alerts.
What You'll Learn
Features and functions of RSA NetWitness Investigator:
- Develop content
- Create and implement threat feeds
Who Needs to Attend
Security analysts familiar with the RSA NetWitness system
- Familiarity with XML and rules structure
There are no follow-ons for this course.
3. Content Development within Investigator
- Threat Feed Creation
- Implementing a Threat Feed
- Modeling your Network
- Updating and Creating Custom Meta
- Implementing a Model of your Network
- IntelliSense Syntax
- Application Rule Creation
- Creating Content Using App Rules
- Rules Writing, Reports, Alerts, and Charts/Dashboards
- Content Development Best Practices
5. External Integration
- Linking into RSA NetWitness from other Tools
- NW.vbs, SIEMLink
In addition to lecture and demonstrations, this course includes hands-on exercises designed to give you practical experience.