Description
This course helps the students to use the features and functions of RSA NetWitness Platform to to respond to and investigate incidents. This course is for Level 1 and Level 2 analysts relatively new to RSA NetWitness Platform, who wish to increase their familiarity with the tool's features and functions within the context of incident response and analysis. Students should have familiarity with the basic processes of cybersecurity forensic analysis, including some knowledge of network architecture, the TCP/IP stack, networking protocols, and integrating log & network traffic to perform analysis on network-based security events. Students should have taken the Foundation course prior to this course. Upon successful completion of this course, participants should be able to: Describe SOC roles and modelsDescribe the Investigative MethodologyIdentify types of incidentsDescribe the Incident Response processUse analysis tools and techniques to investigate an incidentDocument the incidentUse the incident response process and tools to investigate an incident using packetsUse the incident response process and tools to investigate an incident using logsUse the incident response process and tools to investigate an incident using packets and endpointUse the incident response process and tools to investigate an incident using logs, packets and endpoint
