Lesson Tag: System Administrators

Configuring FireEye Integrations

Both Network Forensics appliances integrate with a list of FireEye appliances and services. The Packet Capture integrations covered in this lesson include:
- FireEye Helix
- FireEye Threat Intelligence
- FireEye Network Security
The Investigation Analysis integrations covered in this lesson include:
- FireEye Packet Capture
- FireEye Threat Intelligence
- Alert Aggregation from various FireEye appliances
- FireEye Malware Analysis
- FireEye …

Metadata Load Management

The FireEye Investigation Analysis appliance Web UI enables you to reduce the load of metadata that arrives from connected Packet Capture appliances using PX metadata filtering and DNS aggregation. PX Metadata Filtering reduces traffic sent from your connected Packet Capture appliance to your Investigation Analysis appliance. With DNS Flow Aggregation you can aggregate flow records …

Rules and Software Management

Using the FireEye Investigation Analysis as a central management platform, you can manage and deploy Suricata-based rule sets on connected FireEye Packet Capture appliances. In a similar manner, you can deploy and install software updates to connected FireEye Packet Capture appliances. Suricata rules are similar to Snort rules for generating alerts. When configured on a Packet Capture …

Process Management

Process management of the Network Forensics appliances covers appliance processes and their associated logs. The two Network Forensics appliances have similar, but not identical, sets of tools for managing processes and for viewing and configuring logs. The tool set for both appliances includes CLI and Web UI tools.

Access Management

Access management in the context of Network Forensics appliances pertains to users, user access to the appliances, and the level of access granted to each. To use the Web UI for analysis or to perform operation tasks via the CLI or the system shell on the Network Forensics appliances, users must have the appropriate level …

System Readiness

After installation and baseline configuration of Packet Capture and Investigation Analysis, as an admin you must perform a few system readiness checks on each type of appliance to ensure that you can:
- Capture traffic successfully
- Perform basic searches on both systems

Network Forensics Network Deployment

As an admin, during the network deployment stage, you will most likely work with analysts. Thus, familiarity with your network architecture, the scope and type of traffic to be captured, and the locations where Packet Capture is likely to capture the intended traffic is essential. FireEye Investigation Analysis is the primary tool for analysts as well as …

Platform Introduction

Welcome to the FireEye Network Forensics Administration and Integration training. The Network Forensics solution consists of two primary appliance types:
- Packet Capture (PX Series)
- Investigation Analysis (IA Series)
The Packet Capture appliance is a high-performance, intelligent network traffic capture appliance that processes, indexes, and stores the network data, while Investigation Analysis enables security analysts to …

Searches and Acquisitions

The goal of this lesson is to introduce the searches and acquisitions features of FireEye Endpoint Security so that you can support and configure these features in your environment.
Objectives: After completing this lesson, you will be able to:
- Run a simple search across all hosts in the enterprise
- Run an exhaustive search across all …
