The Mandiant Intelligent Response (MIR) appliance finds evidence of compromise and the forensic artifacts that attacker activity leaves behind on your endpoints. With MIR you can rapidly sweep tens of thousands of endpoints using Mandiant's latest intelligence about advanced attacker activity.
This two-day instructor-led course provides an introduction to using Mandiant Intelligent Response (MIR) as an incident response tool. Labs take students through a breach, teaching them how to perform sweep hit analysis, build live response scripts, carry out basic analysis of unknown binaries, and create basic Indicators of Compromise (IOCs).
Upon completion of the course, the learner should be able to:
- Perform a hit review after a sweep
- Build and use live response host audit scripts
- Perform basic malware analysis using FireEye AX
- Build simple IOCs
- MIR Core Concepts
  - Incident types and incident response requirements
  - MIR basics: architecture, sweeps, scripts, jobs, and IOCs
  - Building sweeps
  - Tuning monthly sweeps
  - Hit review
- Binary Analysis
  - FireEye AX
  - Strings analysis
- Live Response
  - Live response methodology
  - Live response audit scripts
  - Interpreting live response data
- Pivoting / Searching
  - IOC architecture within MIR
- Building IOCs
  - Testing IOCs
  - Sweeping with custom IOCs
Lessons are typically a blend of lecture and hands-on lab activities.
Students should have a working understanding of networking and network security, the Windows operating system, its file system and registry, and use of the command line.
This course is intended for network security professionals and incident responders.