Course Content
RSA NetWitness Overview
- RSA NetWitness architecture
- RSA NetWitness components
- Data flow between components
Appliance Setup and Software Installation
- RSA NetWitness appliance setup
- RSA NetWitness software components
Configuring RSA NetWitness
- Managing Services
- Configuring and Managing Devices
- Setting up data collection of packets and logs
- Viewing packets and logs in Investigator
RSA NetWitness Live
- RSA NetWitness Live Overview
- Configuring NetWitness Live subscriptions
- Managing a Live feed
Managing Users
- User management interface
- User groups and roles
- Creating users and groups
- Viewing groups and roles
- Configuring external authentication
- Editing user settings
- Informer roles
- Creating Informer Users
Creating Rules and Filters
- Rules, filters, feeds and parsers
- Decoder filters and Informer rules
- Best practices for creating filters and rules
- Creating Decoder filters
- Creating Informer rules and alerts
- Creating a feed
- Pushing a rule to the Decoder
- Reprocessing a collection
Integrating RSA NetWitness with Other Products
- NetWitness SIEM link
- Setting up Informer to communicate with SIEM products
- Connecting to HP ArcSight
- The RSA enVision Connector
Monitoring RSA NetWitness
- Tools that can be used to monitor RSA NetWitness components
- Configuring SNMP
- Monitoring NetWitness components for performance and efficiency
- Tips and best practices for tuning the Decoder, Concentrator, Broker and Informer
- Methods for viewing and modifying logs
Troubleshooting RSA NetWitness
- Common problems
- Investigating and resolving common problems
- Troubleshooting tools
