Course Content
RSA enVision Overview
- Description and functions of the RSA enVision product and its primary components
- Description of the operational data flows
- Discussion of services
enVision Configuration and Data Collection
- Brief description and tour of the user interface for management functions
- Management of monitored devices and assets
- Creation of users
Monitoring Event Data
- Use of the Event Viewer to view real-time data
- Use of the Query function to define and refine data-retrieval parameters
Reporting
- Discussion of the use of RSA enVision to monitor and retrieve historical data for use in compliance and policy reporting
- Report creation and scheduling
- Report customization
- Dashboard reports
Alerting
- Discussion of correlating certain events to trigger an alert
- Creation of basic and correlated Alerts
Enterprise Dashboard
- Introduction to the Enterprise Dashboard function and how to manage the Dashboard layout
Watchlists
- Use of the Watchlist function to filter events for alerting and reporting purposes
Vulnerability and Asset Management
- Description of the Vulnerability and Asset Management functionality to leverage information about enterprise assets and known vulnerabilities in conjunction with IDS systems
enVision Maintenance
- Description of backup and restore methodologies and recommendations
- Description of event-source updates
Incident Handling
- Introduction to the enVision Event Explorer feature for retrieving and analyzing data
- Use of Incident Management functionality to create, view, and refine incidents
- Use of Event Traces for incident investigation
Principles of Logging
- Differentiate between events and log messages
- Describe how log messages are organized
- Describe how the syslog protocol is used in enVision
- Identify the structure of support files
Log Collection Methods and Formats
- List enVision's alternative log-collection methods
- Identify when to use a particular collection service
- Outline the process to set up an alternative collection service
- Extract log files
Creating Support Files
- Describe the EventSource Integrator (ESI)
- Identify how headers and payloads are defined in ESI
- Create support files for an unknown event source
- Create and deploy the event source package
- Test the event source integration