This course provides an overview of Email Security – Cloud Edition core functionality and covers administration procedures and alert analysis.
Hands-on activities include rule/policy creation, alert generation, and the breakdown and analysis of the information found in a FireEye email alert that is used in incident reporting.
Learning Objectives
After completing this course, learners should be able to:
- Describe how Email Security detects and protects against malware
- Demonstrate knowledge of the email analysis process
- Configure Email Security settings, policies and notifications
- Describe the various queues used for email management and processing
- Identify alerts correlated with Network Security with and without Central Management
- Find critical alert information on the Dashboard
- Access and manage alerts and quarantined emails
- Examine OS and file changes in alert details to identify malware behaviors and triage alerts
Instructor-Led Training
Seats for our public ILT sessions can be purchased online; refer to our public training schedule for more information.
Private training sessions are available for teams of 5 or more. Please contact your FireEye account manager for availability and pricing.
Who Should Attend
Analysts (primary) and administrators responsible for the setup and management of Email Security Cloud.
Duration
1 day
Prerequisites
A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).
Course Outline
Instructor-led sessions are typically a blend of lecture and hands-on lab activities.
- Threat Management with Email Security – Cloud Edition
  - Email Security Cloud internal flow
  - Phishing email attacks
  - Header, attachment and URL analysis
  - Email queues and message tracking
  - Intelligence-led detection and detection plug-ins
  - Anti-fraud detection
  - AV/AS components
  - Email and Network Security alert correlation
- Email Security – Cloud Edition Administration
  - Authentication settings
  - Email domain and policy configuration
  - Quarantine reports
  - Digest templates
  - Portal access
  - Alert notifications
  - System settings
  - Email Security and FireEye Central Management
- Email Security – Cloud Edition Alerts
  - Dashboard
  - Alert summary and message details
  - Quarantine
  - Email trace
  - Email notifications
  - Reporting
- OS Changes
  - APIs
  - File and folder actions
  - Code injection
  - Processes
  - Mutexes
  - Windows registry events
  - Network access
  - User Account Control (UAC)
- Malware Objects
  - Email malware lifecycle
  - Analysis of malware object alerts
- Malware Analysis Basics
  - MVX Engine Review
  - Static Analysis
  - Dynamic Analysis
  - MVX Malware Analysis
- Custom Detection Rules (optional)
  - YARA Malware Framework File Signatures
  - YARA on FireEye Appliances
  - YARA Hexadecimal
  - Regular Expressions
  - Conditions
  - Snort Rule Processing
  - Enabling Snort Rules
  - Creating a Snort Rule