Upon successful completion of this course, participants should be able to:
Describe the RSA NetWitness Logs & Network architecture, components and functions
Describe how metadata is created
Differentiate between meta keys, meta values, and metadata
Investigate data using simple and complex queries
Customize the investigation display
Filter data using rules
Create new meta values using Application and Correlation rules and RSA Live content
Create alerts using ESA and reporting rules to track potential threats
Create and manage incidents