The Trellix Endpoint Detection and Response Administration course from Education Services prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response (EDR). Trellix EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.

• Install EDR in an on-premises ePolicy Orchestrator (ePO) environment
• Navigate effectively through the product dashboard, walk through guided investigations, and create custom collectors and reactions
• Leverage EDR features to detect advanced device threats, fully investigate them, and quickly respond
• Use alert ranking and data visualization to quickly understand threats and prioritize action

Day 1

• Welcome
• What is EDR?
• Architecture
• Setup and Deployment
• Monitoring
• Alerting
• Device Search
• Historical Search

Day 2

• Real-time Search
• Investigating
• Catalog
• Action History
• Performance Metrics
• Troubleshooting
• Use Cases

This course is intended for customers acting as analysts and/or engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases, and applications using the EDR solution.

Students taking this course should have a solid knowledge of networking and system administration concepts, computer security concepts, network security concepts and practices, as well as a working knowledge of malware analysis, forensics, tactics, and techniques. Students should also have a general understanding of networking and application software.