Menu Icon

Available Training Rooms


Course Details

  • Course Overview
  • Skills Gained
  • Who Can Benefit
  • Prerequisites
  • Syllabus

This course provides a roadmap for adopting Intelligence-Driven Information Security, following the model outlined in the article, 'Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security,' a 2012 publication of the Security for Business Innovation Council. RSA NetWitness is used to illustrate the key steps that are critical for incident identification and response. To practice the concepts presented, you will use RSA NetWitness Investigator and Informer extensively in the hands-on labs.

Security challenges facing companies today
Intelligence-Driven Roadmap process
RSA NetWitness components and architecture
Access source data through RSA NetWitness Live Manager
Apply a defined process to your investigations
Differentiate between short-term and long-term strategies for mitigating risk
Share intelligence Using RSA NetWitness
Articulate the benefits of various modes of presentation
Present data using RSA NetWitness Informer
Address future challenges and improve response
Who Can Benefit
Security analysts with less than six months of industry experience, who are new to RSA NetWitness and are responsible for incident identification and response.
Background in Enterprise data networking and communications is required
Familiarity with basic computer architecture, data networking fundamentals, and general information security concepts
Programming language experience
Basic knowledge of the TCP/IP protocol stack

1. Threat Landscape

  • Security Challenges
  • Changing the Security Mindset
  • Intelligence-Driven Roadmap
  • RSA NetWitness
  • RSA NetWitness Investigator
  • RSA NetWitness Investigator

2. Role of the Analyst

  • Network Security Analyst
  • Three Typical Use Cases
  • Developing an Analysis Model
  • Full Packet Capture
  • Covert Channels
  • Actionable Intelligence
  • RSA NetWitness Investigator

3. Developing Sources

  • Defining and Refining Sources
  • Accessing Source Data Using LIVE Subscriptions
  • Accessing Source Data Using Custom Feeds
  • Creating Feeds that Use New Metadata
  • Accessing Log Data Using RSA NetWitness for Logs
  • Accessing RSA NetWitness Spectrum Data
  • RSA NetWitness Live! and RSA NetWitness for Logs

4. Defining a Process

  • Defining a Methodology
  • Collecting Evidence
  • Screening the Data
  • Performing Analysis
  • Communicating Results
  • RSA NetWitness Investigator

5. Making Risk Decisions/Taking Action

  • Assigning Risk: The Analyst's Role
  • Short Term (Crisis Management): IoC
  • Long Term (Business Continuity): APT
  • Take Action: Informing the Enterprise
  • RSA Community
  • Sharing Intelligence and Sources
  • RSA NetWitness Investigator and RSA NetWitness Informer

6. Automation

  • Areas of Automation
  • Alerting and Reporting
  • Presenting Evidence
  • RSA NetWitness Informer

7. Future-Proofing the Enterprise

  • Evolving Enterprise Security
  • Continuous Monitoring
  • Securing the Cloud
  • Accepting the Challenge

8. Security Analytics 10 Technical

  • Architecture
  • Warehouse
  • User Interface
  • Licensing
  • Report Engine
  • Alerting
  • Log Collector Services

9. Capstone Project

  • Presented with various use cases that require you to determine what types of information and data elements to look for to identify traffic that fits the use case, determine how best to examine the traffic, and create any filters and reports necessary to resolve or communicate concerns.
  • You will present their findings to the rest of the class justifying their process and results.

Lab 1: Basic Analysis Using Investigator

Lab 2: Investigate Security Policy Incidents

Lab 3: Access Resources Using Live Manager, Create Custom Feeds and Filters, and Access Log Data for Analysis

Lab 4: Create Rules and Feeds that Use New Metadata to Screen Data for Analysis

Lab 5: Scenario to Determine the Risk Level with a Packet Capture and Make a Recommendation

Lab 6: Generating Informer Reports


  • Security Analyst

Public Program Schedule

Course Name Duration Brochure Location Schedule Enroll
There is no upcoming Public Batch Schedule, you can ask for Private Batch or for On-Demand Learning

Download the syllabus


The highest standard, The happiest learners

Our Enterprise Clients


  • Why should I choose RPS?
  • I am working, is it possible to arrange the classes on weekends?
  • Please confirm if your office is open on weekends?
  • Can I get the courseware in advance before start of training?
  • What are the timings (class hours)?
  • How can I make the payment?
  • What is the mode of payment?
  • Candidate authorized RPS to charge $200. But the bank has charged $208. Why is this?
  • If we need training on one of the modules only how does that work?
  • How long before do we need to book the exams?
  • Where are your training centers available?
  • Can I pay the fee in installments?
  • What are the refund policies? Can i get my money back in case i am unable to attend the training?
  • Do you provide a bank loan facility?
  • 10+ years of Training Expertise
  • Certified instructors with industry standard experience
  • Tailor made training available
  • 6+ training Locations
  • 100000 + professional trained
  • Customer Satisfaction
  • Reliable and Most cost effective Training

Yes, we do offer weekend classes for professionals in group or 1-to-1 Training depending upon the technology.

The administrative and sales staff works on weekdays (Monday - Friday). System Admins and Operation team are available on all days.

Yes, after you have paid the booking amount (which will be non–refundable in this case). Booking amount depends on the technology selected.

Training timings are from 9 am to 5 pm.

You can send the deposit by any of the following methods:-

  • PayPal
  • Credit Card
  • Bank Transfer
  • Demand Draft
  • Cash
  • Purchase Order (in case of Corporates / Government).
  • If you are an International student, the registration amount of USD 200 can be paid by Bank Transfer or PayPal/PayUMoney . The balance amount has to be paid by traveler's cheque or cash after arrival in India. You can also pay the balance by PayPal. There is a surcharge of 4% in this case.
  • For Indian Resident students, the course fees including registration can be paid by Cash, Cheque, Demand Draft or Bank transfer.To Know more Please call +919883305050 or Email us at for any of your queries.

Overseas credit card payments through PayPal involve a mark-up of up to 4% as surcharge.

We can provide customized 1-to-1 training for a technology as per your requirement.

Most exams can be booked once you are on the course (e.g. Microsoft, ITIL, VEEAM, EC-Council). Red Hat and some other exams have to be booked in advance.

Our training centers are available in Bangalore, Chennai, Hyderabad, Pune and Delhi.

We do not have facility to pay in installments

If the course fee has been paid for and RPS cancels the Course, a refund will be provided, else the courses are non-refundable.

We do not provide loan facility.

Other Related Courses

Related courses will be updated soon...