Duration: 3 Days
This course focuses on administration of the RSA Security Analytics product. You will get an overview of RSA Security Analytics and hands-on configuration of its components, including a Log Decoder, managing users, and creating filters and rules. You will also cover integration with enVision and the product's monitoring capabilities.
What You Will Learn
- Security Analytics architecture
- Security Analytics data sources, including the Warehouse
- Licensing process
- Security Analytics User Interface
- Customize the interface
- Configure and license devices
- Create device groups
- Add users and groups
- Set roles and permissions for users and groups
- Configure external authentication
- Configure data capture, including log collection
- Configure Live Manager
- Deploy feeds to the Decoder
- Configure the Reporting Engine
- Create filters and rules on the Decoder
- Configure Spectrum
- Use the REST API for basic tasks
- Monitor the environment
- Identify and resolve issues
- Migrating from enVision to Security Analytics
Audience
RSA Security Analytics administrators
Prerequisites
- Familiarity with networking fundamentals and general information security concepts
- Familiarity with Linux
Course Outline
1. RSA Security Analytics Overview
- RSA Security Analytics architecture
- RSA Security Analytics components
- Licensing
- Packets, sessions, logs, and content
- Data flow
- Data sources
- Deployment scenarios
- Deployment considerations
- The Virtual Environment
- Security Analytics interface
- Customizing the interface
2. Configuring RSA Security Analytics
- Adding devices
- Device groups
- Concentrator settings
- Decoder settings
- Configure Live Manager
- Custom feeds
- Configuration files
- Configure the Reporting Engine
- Configure Context Sensitive Menus
- Configure the Warehouse
- Configure Spectrum
3. Setting Up Data Collection
- Setting up capture for packets and log data
- Configuring log collection
- Setting up collection for File Reader
- Setting up collection for Windows
- Setting up collection for ODBC
- Setting up collection for Check Point
- Testing data capture
4. Managing Users
- User administration overview
- Users, groups, roles, and permissions
- Managing Security Analytics users
- Configuring external authentication
- Managing Spectrum users
5. Creating Rules, Reports, and Alerts
- Rules overview
- Rules data flow
- Navigating data
- Reports
- Alerting
6. Monitoring the Environment
- Viewing statistics
- Monitoring devices
- Monitoring query performance
- Monitoring Concentrator aggregations
- Tuning the index
- Resetting the databases
- Viewing logs
- REST API
- Crash Reporter
7. Migrating from enVision to Security Analytics
- Migration overview
- The Z-Connector
- Configuring the IPDB Extractor Service
- Migrating enVision data
Course Labs
In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.