RSA Netwitness Queries?
I just started a new job for the state government about a month ago and we use Netwitness. Threat hunting is a huge part of the job but there's not training or anything. So far I've mostly seen Netwitness training on the RSA site but you have to have a Dell education/enterprise account for it or something.
Does anyone have any queries they use often for threat hunting with Netwitness? I'm just trying to figure out more ways to look for malicious activity.