FireEye Product Deployment and Alert Analysis Bootcamp

Code: 2331

3 days

List Tuition: $3,000.00 USD

Course Overview


In this course, you will learn about the deployment, installation, configuration, and administration of NX, EX, and AX products. This course covers the FireEye Alerts and a framework on how to interpret callbacks and malware binary analysis results.

In a hands-on lab environment, you will be presented with alert scenarios and will analyze the alert data to determine the significance of the alerts. You will also learn about incident analysis, analyzing events, how to read alerts, how to identify recipients of malicious emails in your network, and how to submit malware samples to the AX for deep forensic analysis.

Who Should Attend

  • Network security professionals
  • Incident responders
  • FireEye administrators and analyst users

What You Will Learn

  • Deploy, install, and configure a FireEye appliance
  • Administer an NX appliance
  • Identify potentially compromised hosts
  • Administer an EX appliance
  • Identify recipients of malicious emails
  • Administer the FX series appliances
  • Configure a file share for remote scan
  • Schedule recurring file share scans
  • Review analysis results of a network file share scan
  • Network Security (NX series) Deployment
  • Email Security (EX series) Deployment
  • Content Security (FX series) Deployment
  • Forensic Analysis (AX series) Deployment
  • Administer an AX series appliance
  • Submit malware samples to the AX series appliance for deep inspection
  • Review analysis results for submitted malware
  • Distinguish FireEye alert types
  • Locate and use critical information in a FireEye alert to assess a potential threat
  • Use indicators of compromise (IOCs) in a FireEye alert to identify the threat on compromised hosts

1. FireEye Core Technology

  • Malware infection cycle
  • MVX engine
  • Appliance analysis phases

2. NX Series Deployment

  • Correct NX network positioning
  • Deployment modes
  • Initial NX configuration

3. Appliance Administration

  • Appliance updates
  • Role-based access and user accounts
  • Malware event notifications
  • System notifications
  • Reporting
  • Back-ups

4. Email Security-EX Series

  • Deployment
  • Initial appliance configuration
  • FireEye FX Web UI and Dashboard
  • Setting up file shares for analysis
  • Running on-demand or scheduled analysis on a network file share
  • Reviewing analysis results

5. Content Security-FX Series

  • Deployment
  • Initial appliance configuration
  • FireEye FX Web UI and Dashboard
  • Setting up file shares for analysis
  • Running on-demand or scheduled analysis on a network file share
  • Reviewing analysis results

6. Central Management-CM Series

  • FireEye CM Web UI and Dashboard
  • Managing NX, EX, FX, and AX
  • Correlating events detected via different vectors, e.g., web and email
  • Submitting alerts detected by the EX and NX to the AX for deep analysis

7. Forensic Analysis-AX Series

  • Primary functions of the AX platform
  • AX deployment
  • Initial AX configuration
  • FireEye AX Web UI and Dashboard
  • Setting up file shares and scheduling batch analysis
  • Submitting malware samples and specifying analysis parameters
  • Reviewing analysis results for submitted malware

8. Callbacks

  • Malware Callback alerts
  • Domain Match alerts
  • Indicators of compromise (IOCs)
  • Encoded traffic
  • Web Infection alerts
  • Honey binary
  • Second-stage payloads
  • Identify common IOCs

9. Malware Objects

  • Malware Object alerts
  • MVX engine binary analysis of files
  • Tracing downloads through HTTP headers
  • Determine the origin of the downloaded malware object
  • Identify IOCs in malware alerts

10. OS Change Walk-Through

  • OS Change detail
  • Windows API
  • Windows registry
  • Code injection
  • Alternate data streams
  • Auto-run behavior
  • Driver loading
  • User Account Control

11. Malware Basics

  • Malware overview and definition
  • Motivations of malware
  • Types of malware
  • Spear phishing
  • Stages of an APT attack

Prerequisites

  • A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI

Recommended Courses:
