Lesson Tag: Analysts

Metadata Load Management

The FireEye Investigation Analysis appliance Web UI enables you to reduce the load of metadata that arrives from connected Packet Capture appliances using PX metadata filtering and DNS aggregation. PX Metadata Filtering reduces traffic sent from your connected Packet Capture appliance to your Investigation Analysis appliance. With DNS Flow Aggregation you can aggregate flow records …


Rules and Software Management

Using the FireEye Investigation Analysis as a central management platform, you can manage and deploy Suricata-based rule sets on connected FireEye Packet Capture appliances. In a similar manner, you can deploy and install software updates to connected FireEye Packet Capture appliances. Suricata rules are similar to Snort rules for generating alerts. When configured on a Packet Capture …


Searches and Acquisitions

The goal of the lesson is to introduce the searches and acquisitions features of FireEye Endpoint Security so that you can support and configure these features in your environment.

Objectives: After completing this lesson, you will be able to:
- Run a simple search across all hosts in the enterprise
- Run an exhaustive …


Containment

This lesson covers containment and containment settings for FireEye Endpoint Security.

Objectives: After completing this lesson, you will be able to:
- Contain a compromised host following the recommended containment process
- Customize containment settings, such as excluding key hosts in your network from containment
- Assign the correct user roles for users that need to contain endpoints

Threat Management

This lesson covers the basics of detection and alerting.

Objectives: After completing this lesson, you will be able to:
- Differentiate the 3 threat sources for Endpoint Security rules.
- Distinguish exploit, presence, and execution indicator types.
- Create custom rules.
- Identify critical information in an Endpoint Security alert.
- Identify attacker behavior and malicious activity in an Endpoint …


Network Forensics Network Deployment

As an admin, during the network deployment stage, you will most likely work with analysts. Thus, familiarity with your network architecture, the scope and type of traffic to be captured, and the locations where Packet Capture is likely to capture the intended traffic is essential. FireEye Investigation Analysis is the primary tool for analysts as well as …


Platform Introduction

Welcome to the FireEye Network Forensics Administration and Integration training. The Network Forensics solution consists of two primary appliance types:
- Packet Capture (PX Series)
- Investigation Analysis (IA Series)

The Packet Capture appliance is a high-performance, intelligent network traffic capture appliance that processes, indexes, and stores the network data, while Investigation Analysis enables security analysts to …
