Duration: 5 Days
In this course, you will learn the RSA enVision functions and data flows. You
will learn the essentials of data collection, event management, alerting, and
reporting. You will practice creating views, queries, correlated alerts,
reports, watchlists, and event traces.
Through hands-on labs, you will explore how to create and deploy event-source
support files for unknown devices using the Event Source Integrator (ESI) tool,
thereby extending the compliance and security capabilities provided by enVision.
What You Will Learn
- Basic enVision data flows
- Collect data from event sources and configure enVision
- Create users
- View data in real time and from an historical perspective
- Create queries and various types of reports
- Create and manage dashboard reports
- Create alerts and correlated rules
- Set up an enterprise dashboard
- Create a watchlist
- Manage vulnerabilities and assets
- Back up data and obtain content updates
- Create and manage incidents
- Investigate incidents using event traces
- Event-source-integration process
- Collection methods for different types of logs
- Extract events from an unknown event source
- EventSource Integrator (ESI) tool
Audience
System, security, or help desk personnel who need to administer the RSA enVision product
Prerequisites
Functional knowledge of computer operations and networking fundamentals
Course Outline
1. RSA enVision
- Functions of the RSA enVision product and its primary components
- Operational data flows
- Services
2. enVision Configuration and Data Collection
- Tour the user interface for management functions
- Management of monitored devices and assets
- Creating users
3. Monitoring Event Data
- Using the event viewer to view real-time data
- Using the query function to define and refine data-retrieval parameters
4. Reporting
- Using RSA enVision to monitor and retrieve historical data for use in compliance and policy reporting
- Report creation and scheduling
- Report customization
- Dashboard reports
5. Alerting
- Correlating certain events to trigger an alert
- Creating basic and correlated Alerts
6. Enterprise Dashboard
- Functions and how to manage the Dashboard layout
7. Watchlists
- Use of the Watchlist function to filter events for alerting and reporting purposes
8. Vulnerability and Asset Management
- Vulnerability and asset management functionality to use information about enterprise assets and known vulnerabilities in conjunction with IDS systems
9. enVision Maintenance
- Backup and restore methodologies and recommendations
- Event-source updates
10. Incident Handling
- enVision Event Explorer feature to retrieve and analyze data
- Using Incident Management functionality to create, view, and refine incidents
- Using Event Traces for incident investigation
11. Principles of Logging
- Events vs. log messages
- Organizing log messages
- Using syslog protocol in enVision
- Identifying the structure of support files
12. Log Collection Methods and Formats
- enVision's alternative log-collection methods
- Using a particular collection service
- Setting up an alternative collection service
- Extracting log files
13. Creating Support Files
- EventSource Integrator (ESI)
- Headers and payloads defined in ESI
- Creating support files for an unknown event source
- Creating and deploying the event source package
- Testing the event source integration
Course Labs
In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.