I just started a new job for the
state government about a month ago and we use Netwitness. Threat hunting
is a huge part of the job but there's not training or anything. So far
I've mostly seen Netwitness training on the RSA site but you have to
have a Dell education/enterprise account for it or something.
Does
anyone have any queries they use often for threat hunting with
Netwitness? I'm just trying to figure out more ways to look for
malicious activity.
Thanks
