
RSA enVision Administration

Course Overview


The RSA enVision Administration training course provides an overview of the RSA enVision product including functions and data flows. Participants learn the essentials of data collection, event management, alerting, and reporting. The RSA enVision Administration course provides practice creating views, queries, correlated alerts, and reports as well as watchlists and event traces. Additionally, exercises explore how to create and deploy event-source support files for unknown devices using the Event Source Integrator (ESI) tool, thereby extending the compliance and security capabilities provided by enVision.

Course Content


RSA enVision Overview   

  • Description and functions of the RSA enVision product and its primary components
  • Description of the operational data flows
  • Discussion of services

enVision Configuration and Data Collection   

  • Brief description and tour of the user interface for management functions
  • Management of monitored devices and assets
  • Creation of users

Monitoring Event Data   

  • Use of the Event Viewer to view real-time data
  • Use of the Query function to define and refine data-retrieval parameters

Reporting   

  • Discussion of the use of RSA enVision to monitor and retrieve historical data for use in compliance and policy reporting
  • Report creation and scheduling
  • Report customization
  • Dashboard reports

Alerting   

  • Discussion of correlating certain events to trigger an alert
  • Creation of basic and correlated Alerts

Enterprise Dashboard   

  • Introduction of the Enterprise Dashboard function and how to manage the Dashboard layout

Watchlists   

  • Use of the Watchlist function to filter events for alerting and reporting purposes

Vulnerability and Asset Management   

  • Description of the Vulnerability and Asset Management functionality to leverage information about enterprise assets and known vulnerabilities in conjunction with IDS systems

enVision Maintenance   

  • Description of backup and restore methodologies and recommendations
  • Description of event-source updates

Incident Handling   

  • Introduction of the enVision Event Explorer feature to retrieve and analyze data
  • Use of Incident Management functionality to create, view, and refine incidents
  • Use of Event Traces for incident investigation

Principles of Logging   

  • Differentiate between events and log messages
  • Describe how log messages are organized
  • Describe how the syslog protocol is used in enVision
  • Identify the structure of support files

Log Collection Methods and Formats   

  • List enVision's alternative log-collection methods
  • Identify when to use a particular collection service
  • Outline the process to set up an alternative collection service
  • Extract log files

Creating Support Files   

  • Describe the Event Source Integrator (ESI)
  • Identify how headers and payloads are defined in ESI
  • Create support files for an unknown event source
  • Create and deploy the event source package
  • Test the event source integration

Customer Reviews


Thanks to Xpertised and the tutor who walked me through all the topics with practical exposure, which is helping me in my current project.
-Waseem

Course was quite helpful in terms of understanding of concepts and practicality. It's really a very friendly environment to learn. The timings were mutually chosen, as we both are working professionals. I am quite satisfied with the course.
-Tanmoy

For Batch Details
Call us at: +91 7259222234
