United Kingdom
Germany
Denmark
Sweden
Italy
Netherlands
Norway 
This course examines how to triage alerts generated by the Trellix Network Security and Endpoint Security (HX) platforms, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Endpoint analysis focuses on investigation techniques using features of Endpoint Security (HX), such as the Triage Summary, Audit Viewer, and Acquisitions.
Ota yhteyttä
Voit olla meihin yhteydessä ja tiedustella koulutuksistamme täydentämällä yhteystietosi ja koulutuksen nimen oheen.
Alert Analysis and Investigations with Network Security and Endpoint Security (HX)
VARAA NYT
Kesto 4 päivää
Toimitus (Online ja paikan päällä)
HintaHinta pyydettäessä
- Recognize current malware threats and trends
- Interpret alerts from Network Security and Endpoint Security (HX) products
- Locate and use critical information in Trellix alerts to assess a potential threat
- Define indicators of compromise based on an alert and identify compromised hosts
- Describe methods of live analysis
- Create and request data acquisitions to conduct an investigation
- Define common characteristics of Windows processes and services
- Investigate a data collection from Endpoint Security (HX) using a defined methodology
- Identify malicious activity hidden among common Windows events
Day 1
Threats and Malware Trends
- Threat landscape
- Attack motivations
- MITRE ATT&CK framework
- Emerging threat actors
Initial Alerts
- Endpoint Security (HX) alerts
- Triage with Triage Summary
- Network Security alerts
- Identifying forensic artifacts in the OS Change Detail
MVX Alerts
- Trellix alert types
- Identifying forensic artifacts in the OS Change Detail
- Callbacks
- SmartVision
- Threat assessment
Day 2
Using Audit Viewer and Redline®
- Access triage and data collections for hosts
- Navigate a triage collection or acquisition using Redline® or Audit Viewer
- Apply tags and comments to a triage collection to identify key events
Windows Telemetry and Acquisitions
- Live forensic overview
- Windows telemetry
- Acquiring data
Day 3
Acquisitions
- Triage and real-time events
- Live system acquisitions
- Bulk acquisitions
- Endpoint Security (HX) REST API
Modules
- Administration
- Detection and protection
- Response
Day 4
Investigation Methodology
- MITRE ATT&CK framework
- Mapping evidence to attacker activity
Capstone: Capture the Flag (CTF)
This course is intended for security analysts, incident responders, and threat hunters who use Network Security or Endpoint Security (HX) to detect, investigate, and prevent cyber threats.
Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry and regular expressions, and experience scripting in Python.
This course examines how to triage alerts generated by the Trellix Network Security and Endpoint Security (HX) platforms, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Endpoint analysis focuses on investigation techniques using features of Endpoint Security (HX), such as the Triage Summary, Audit Viewer, and Acquisitions.
- Recognize current malware threats and trends
- Interpret alerts from Network Security and Endpoint Security (HX) products
- Locate and use critical information in Trellix alerts to assess a potential threat
- Define indicators of compromise based on an alert and identify compromised hosts
- Describe methods of live analysis
- Create and request data acquisitions to conduct an investigation
- Define common characteristics of Windows processes and services
- Investigate a data collection from Endpoint Security (HX) using a defined methodology
- Identify malicious activity hidden among common Windows events
Day 1
Threats and Malware Trends
- Threat landscape
- Attack motivations
- MITRE ATT&CK framework
- Emerging threat actors
Initial Alerts
- Endpoint Security (HX) alerts
- Triage with Triage Summary
- Network Security alerts
- Identifying forensic artifacts in the OS Change Detail
MVX Alerts
- Trellix alert types
- Identifying forensic artifacts in the OS Change Detail
- Callbacks
- SmartVision
- Threat assessment
Day 2
Using Audit Viewer and Redline®
- Access triage and data collections for hosts
- Navigate a triage collection or acquisition using Redline® or Audit Viewer
- Apply tags and comments to a triage collection to identify key events
Windows Telemetry and Acquisitions
- Live forensic overview
- Windows telemetry
- Acquiring data
Day 3
Acquisitions
- Triage and real-time events
- Live system acquisitions
- Bulk acquisitions
- Endpoint Security (HX) REST API
Modules
- Administration
- Detection and protection
- Response
Day 4
Investigation Methodology
- MITRE ATT&CK framework
- Mapping evidence to attacker activity
Capstone: Capture the Flag (CTF)
This course is intended for security analysts, incident responders, and threat hunters who use Network Security or Endpoint Security (HX) to detect, investigate, and prevent cyber threats.
Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry and regular expressions, and experience scripting in Python.
- ` Päivämäärä pyynnöstä