Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Detect and Track Security Attacks with NetWitness

  • Monday, January 25, 2021 at 1:00 PM EST (2021-01-25 18:00:00 UTC)
  • Dave Shackleford, Dustin Lee


  • RSA

You can now attend the webcast using your mobile device!



Conducting forensic investigations into incidents is a crucial part of unearthing the details of security attacks. With the rise of security analytics tools, those investigations can provide excellent information about where an attack originated, how a compromise occurred, what resources were compromised, what data was lost, and over what period of time it all happened.

This webcast and associated whitepaper reviews NetWitness, RSAs advanced SIEM and threat detection platform. Join SANS analyst and senior instructor Dave Shackleford and RSA Senior Security Engineer Dustin Lee as they delve into how NetWitness can aid security analysts, SOC teams, and investigators in detecting and tracking a variety of security threats today.

Register today to be among the first to receive the associated whitepaper written by Dave Shackleford.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Dustin Lee

Dustin Lee is a senior security engineer at RSA. Over the past 14 years, Dustin held different roles in U.S. Government Services as a direct employee and contractor to include Operations Planner, Director of Information Management, and Incident Response Team Lead. After time spent in the government sector, he worked on building adversary emulation scenarios while also becoming a SANS Community Instructor. He has also had the chance to work with various Incident Response Teams, both military and civilian, to assist in response activities and modeling threat campaigns for training as well as team-based skills assessments. During his time with the military, Dustin was given the opportunity to provide network monitoring for security forces during President Obama's second inauguration, directly support offensive cyber operations, and perform cyber assistance visits with partner countries. He is an avid supporter of free and open-source software.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.