Endpoint Security (HX Series) Deployment [ILT]

Version 14

    Courses cannot be purchased or accessed from this site. If you would like to register for this course, please contact your FireEye account manager.

    This page describes the instructor-led training (ILT) version of Endpoint Security (HX Series) Deployment. For the web-based version of the course, please refer to Endpoint Security (HX Series) Deployment [WBT].

    This information is also available as a downloadable data sheet.

    FireEye Endpoint Security (HX Series) offers industry-leading threat and exploit detection capabilities. HX enables endpoint visibility for a more flexible and adaptive defense against known or unknown threats.


    This one-day course is a primer on HX, covering deployment options, basic administration, and core functionality. Hands-on activities include appliance administration, how to read alerts generated by HX, and how to contain infected endpoints.


    This course is the recommended starting point for anyone who uses an HX.



    Course Objectives

    Upon completion of the course the learner should be able to:

    • Identify the components needed for HX deployment
    • Identify the key phases of HX operation
    • Perform initial configuration of HX appliance and hosts
    • Create custom threat indicators
    • Identify critical information in an HX alert
    • Validate an HX alert
    • Conduct an Enterprise Search across endpoints
    • Request and approve hosts for containment


    Course Outline

    1. HX Product Features, Deployment and Administration
      • HX deployment
      • Intelligence sources
      • Phases of HX operation
      • Lookback cache
      • Agent installation
      • Host sets
    2. Detection
      • Threat sources & indicators
      • Appliance integration
      • Alerts
      • Triage with Triage Summary
      • Acquire files, triage packages, other built-in acquisitions from hosts
      • Run searches across all hosts in the enterprise
    3. Containment
      • Containment process
      • Containing hosts
    4. Audit Viewer
      • Access Acquisitions in Audit Viewer
      • Search and filter acquisition data
      • Apply tags and comments


    Lessons are typically a blend of lecture and hands-on lab activities.



    A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI.


    Target Audience

    Network security professionals and incident responders.