FireEye Endpoint Security (HX Series) offers industry-leading threat and exploit detection capabilities. HX enables endpoint visibility for a more flexible and adaptive defense against known or unknown threats.
This one-day course is a primer on HX, covering deployment options, basic administration, and core functionality. Hands-on activities include appliance administration, how to read alerts generated by HX, and how to contain infected endpoints.
This course is the recommended starting point for anyone who uses an HX.
Upon completion of the course the learner should be able to:
- Identify the components needed for HX deployment
- Identify the key phases of HX operation
- Perform initial configuration of HX appliance and hosts
- Create custom threat indicators
- Identify critical information in an HX alert
- Validate an HX alert
- Conduct an Enterprise Search across endpoints
- Request and approve hosts for containment
Course outline:
- HX Product Features, Deployment and Administration
- HX deployment
- Intelligence sources
- Phases of HX operation
- Lookback cache
- Agent installation
- Host sets
- Threat sources & indicators
- Appliance integration
- Triage with Triage Summary
- Acquire files, triage packages, other built-in acquisitions from hosts
- Run searches across all hosts in the enterprise
- Containment process
- Containing hosts
- Audit Viewer
- Access Acquisitions in Audit Viewer
- Search and filter acquisition data
- Apply tags and comments
Lessons are typically a blend of lecture and hands-on lab activities.
Prerequisites: a working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI.
Intended audience: network security professionals and incident responders.