Alert Analysis with FireEye File Protect

This course is designed to prepare analysts to triage and derive meaningful, actionable information from alerts on FireEye File Protect.

In a hands-on lab environment, learners will be presented with various alert types and real-world scenarios in which they will conduct in-depth analysis on the behavior and attributes of malware to assess real-world threats.

Learning Objectives

After completing this course, learners should be able to:

  • Recognize current malware threats and trends
  • Understand the threat detection and prevention capabilities of your FireEye Security Solution
  • Locate and use critical information in a FireEye alert to assess a potential threat
  • Examine OS and file changes in alert details to identify malware behaviors and triage alerts
  • Identify Indicators of Compromise (IOCs) in a FireEye alert and use them to identify compromised hosts

 Instructor-Led Training

Seats for our public ILT sessions can be purchased online; refer to our public training schedule for more information.

Private training sessions are available for teams of 5 or more. Please contact your FireEye account manager for availability and pricing.

Who Should Attend

Security professionals, incident responders and FireEye analysts.


1 day


A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. FireEye Core Technology
    • Malware infection lifecycle
    • MVX engine
    • Appliance analysis phases
  2. Threats and Malware Trends
    • Malware overview and definition
    • Motivations of malware
    • Mandiant Attack Lifecycle
    • Types of Malware
  3. Threat Management
    • Features and functions of the FireEye File Protect
    • Appliance Web UI
    • Alert overview
  4. OS Changes
    • APIs
    • File and folder actions
    • Code injection
    • Processes
    • Muteses
    • Windows registry events
    • Network access
    • User Account Access (UAC)
  5. Malware Objects
    • Malware object alerts
    • BOT Communication Details
    • OS Change Details for malware objects
    • Malware object origin analysis
  6. Malware Analysis Basics
    • MVX Engine Review
    • Static anlysis
    • Dynamic Analysis
    • MVX Malware Analysis
  7. Custom Detection Rules (optional)
    • Yara Malware Framework File Signatures
    • YARA on FireEye Appliances
    • YARA Hexadecimal
    • Regular Expressions
    • Conditions
    • Snort Rule Processing
    • Enabling Snort Rules
    • Creating a Snort Rule
Scroll to Top