The FireEye Investigation Analysis appliance Web UI enables you to reduce the load of metadata that arrives from connected Packet Capture appliances using PX metadata filtering and DNS aggregation. PX Metadata Filtering reduces traffic sent from your connected Packet Capture appliance to your Investigation Analysis appliance. With DNS Flow Aggregation you can aggregate flow records …
Using the FireEye Investigation Analysis as a central management platform, you can manage and deploy Suricata-based rule sets on connected FireEye Packet Capture appliances. In a similar manner, you can deploy and install software updates to connected FireEye Packet Capture appliances. Suricata rules are similar to Snort rules for generating alerts. When configured on a Packet Capture …
Searches and Acquisitions The goal of the lesson is to introduce the searches and acquisitions features of FireEye Endpoint Security so that you can support and configure these features in your environment. Objectives: After completing this lesson, you will be able to: Run a simple search across all hosts in the enterprise Run an exhaustive …
This lesson covers containment and containment settings for FireEye Endpoint Security. Objectives: After completing this lesson, you will be able to: Contain a compromised host following the recommended containment process Customize containment settings, such as excluding key hosts in your network from containment Assign the correct user roles for users that need to contain endpoints
This lesson covers the basics of detection and alerting. Objectives: After completing this lesson, you will be able to: Differentiate the 3 threat sources for Endpoint Security rules. Distinguish exploit, presence, and execution indicator types. Create custom rules. Identify critical information in an Endpoint Security alert. Identify attacker behavior and malicious activity in an Endpoint …
This lesson covers the key components of FireEye Endpoint Security. Objectives: After completing this lesson, you will be able to: Explain the interplay between Endpoint Security and other FireEye products such as Network Security (NX), Central Management (CM), and Helix Identify the components of Endpoint Security Describe the function of the FireEye Endpoint Agent and …
This short lesson covers an overview and introduction to FireEye’s Endpoint Security.
As a admin, during the network deployment stage, you will most likely work with analysts. Thus, familiarity with your network architecture, scope and type of traffic to be captured, and locations where Packet Capture is likely to capture the intended traffic is essential. FireEye Investigation Analysis is the primary tool for analysts as well as …
Welcome to the FireEye Network Forensics Administration and Integration training. The Network Forensics solution consists of two primary appliance types: Packet Capture (PX Series) Investigation Analysis (IA Series) The Packet Capture appliance is a high-performance, intelligent network traffic capture appliance that processes, indexes, and stores the network data, while Investigation Analysis enables security analysts to …