FireEye Helix Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

The FireEye Helix training course covers the Helix workflow, from triaging Helix alerts, creating and scoping cases and using Helix and Endpoint Security tools to conduct investigative searches across the enterprise.

By attending FireEye Helix workshop, delegates will learn to:

Identify the components needed to deploy Helix
Determine which data sources are most useful for Helix detection and investigation
Locate and use critical information in a Helix alert to assess a potential threat
Comfortably switch between the Helix web console to other FireEye interfaces
Validate Network Security and Endpoint Security alerts
Use specialized features of Network Security and Endpoint Security to investigate and respond to potential threats across enterprise systems and endpoints

Working knowledge of networking and network security, the Windows operating system, file system, registry, and use of the CLI.

The FireEye Helix class is ideal for:

Incident response team members, threat hunters and information security professionals.

Helix Overview and Architecture

Helix Web UI
Helix workflow
Helix Architecture
3rd party data sources
FireEye technologies stack
Cloud integrations

Helix Fundamentals

Features and capabilities
Searching and pivoting
Event parsing
Custom dashboards

Search and MQL (Mandiant Query Language)

Searchable fields
Anatomy of an MQL search
MQL search, directories, and transform clauses

Deployment and IAM

User Management
Role-based Access
Deployment scenarios
Configuring 3rd party event collection

Rules & Lists

Best practices for writing rules
Creating and enabling rules
Creating and using lists
Using regular expression in rules
Multi-stage rules

Initial Alerts

Helix Alerts
Guided Investigations
Network Security Alerts
MVX engine
Endpoint Security Alerts
Triage with Triage Summary
Run searches across all hosts in the enterprise

FireEye iSight Intelligence Portal

Intelligence Context in Helix
Analysis Tools

Case Management

Creating a case in Helix
Adding events to a case
Case workflow

Data Source Selection and the Mandiant Attack Lifecycle

Data sources for detection and investigation
Attack models to frame data source selection
Using the Mandiant Attack Framework
Mapping attacker activity to the stages of an APT attack

Knowing Your Operating System

Common system processes and attributes
Identifying malicious processes
Windows Registry
Services and Tasks
Windows Event Logs
Audit Viewer and Redline

Data Acquisitions

Acquiring data using Endpoint Security
Redline collections
Other acquisition methods, such as PowerShell
Locations of evidence as they map to the Mandiant Attack Lifecycle

Investigation Methodology

Areas of Evidence
MITRE ATT&CK
Mapping evidence to Attacker Activity

Using Redline

Access triage collections for hosts for offline analysis
Navigate a data acquisition using Redline®
Apply tags and comments

Using Audit Viewer

Navigate a data acquisition using Audit Viewer
Apply tags and comments

Endpoint Security: Extended Capabiities

FireEye Market
Open IOC Editor
HXTool
Endpoint Security REST API

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

FireEye Helix

COURSE AGENDA