This course is not currently offered by Global Knowledge. Information here is provided for reference only.

In this course, you will focus on content development. You will learn how to develop application rules for detection, create and use threat feeds to model environments, and identify known malicious systems. Informer is used to tie it all together to develop reports, charts, and alerts.

What You'll Learn

Features and functions of RSA NetWitness Investigator:

• Develop content
• Create and implement threat feeds

Who Needs to Attend

Security analysts familiar with the RSA NetWitness system

Prerequisites

• Familiarity with XML and rules structure

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. Technology

2. Product

3. Content Development within Investigator

• Threat Feed Creation
  • Implementing a Threat Feed
• Modeling your Network
  • Updating and Creating Custom Meta
• Implementing a Model of your Network
• Intellisence Syntax
  • Application Rule Creation

4. Informer

• Creating Content Using App Rules
  • Rules Writing, Reports, Alerts, and Charts/Dashboards
• Content Development Best Practices

5. External Integration

• Linking into RSA NetWitness from other Tools
  • NW.vbs, SEIMlink

Labs

In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.