Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

FireEye Network Forensics

(Duration: 1 Day)

The FireEye Network Forensics training course covers the fundamentals of network flow analysis, session analysis, application metadata analysis, and reconstruction of data from full content utilizing the FireEye Packet Capture (PX Series) and Investigation Analysis (IA Series) appliances.

By attending FireEye Network Forensics workshop, delegates will learn to:

  • Describe the deployment of PX and IA in the context of FireEye products and services that may be part of the environment used for network traffic monitoring and analysis.
  • Define connection, packet, and session data in context of network traffic analysis.
  • Perform network traffic analysis using the PX and IA.
  • Reconstruct files or artifacts from full network packet data, starting from the session data events produced by PX and IA.
  • Follow threat alerts from integrated FireEye systems (EX, NX, HX, PX) and intelligence feeds (FireEye Threat Intelligence and others) that aid in breach investigation and hunting.

Delegates attending the workshop are expected to have:

  • A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).

The FireEye Network Forensics class is ideal for:

  • Network security professionals and incident responders who must work with FireEye Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.

COURSE AGENDA

1. PX and IA Appliance Overview

  • What PX and IA are and their purpose
  • PX Hardware ports
  • PX storage considerations
  • Basic PX/IA components

2. Network Traffic Analysis Environment

  • Network core deployment
  • Network edge deployment
  • PX with NX deployment
  • PX with IA deployment
  • PX and IA relationship
  • IA distributed deployment
  • PX and IA and FireEye integrations
  • Customizing IA dashboards
  • Setting up lists
  • Query lists

3. Network Traffic Analysis with PX

  • Traffic flow analysis
  • Connections
  • Searching with BPF and XPF
  • The Web UI
  • Filter Builder
  • Packet analysis
  • Data flow in the OSI model
  • TCP/IP Protocol Suite model
  • PX Session data
  • Storing searches
  • Uploading pcap files
  • Pivot to PX

4. Searching and Filtering with IA

  • IA query tools
  • Constructing queries
  • Search types
  • Grouping
  • Escaping special characters
  • Regular expressions
  • Subnet searches
  • What is metadata?
  • IA metadata and networking models
  • Analyzing metadata
  • Query results
  • Visualizing metadata
  • Stacking metadata
  • Working with metadata filters
  • Reports for scheduled queries
  • Pivot to PX

5. Reconstructing Network Data

  • Network reconstruction
  • Data reconstruction on PX
  • Downloading a reconstructed file
  • Reconstructing packet data in IA
  • Follow the stream
  • Carving a file from stream data
  • Applying encoder/decoder chains
  • Reconstructing HTML, email and other artifacts

6. Threat Alerts and Intelligence

  • Network threat hunting
  • FireEye alerts
  • IA alerts Web UI
  • Filtering alerts
  • Alert tools for investigation
  • Generating a query from an alert
  • Working with rulesets
  • Threat intelligence
  • Threat intelligence alerts on IA/PX
  • The Mandiant Attack Lifecycle

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 corporate executives across the globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
