FireEye Threat Analytics Platform (TAP) applies threat intelligence, expert rules and advanced security data analytics to noisy event data streams. By revealing suspicious behavior patterns and generating alerts that matter, TAP lets security teams prioritize and optimize their response efforts.
This one-day course is a primer on TAP, covering TAP features, benefits, deployment options, basic administration, and core functionality. Learners will discover the unique strengths of TAP, and understand how TAP enables real-time situational awareness of known and unknown network security threats.
Hands-on activities include triaging TAP alerts, investigating security incidents, and hunting for unknown attackers.
Upon completion of the course the learner should be able to:
- Correlate live network activity to known threats
- Describe the TAP architecture
- Determine which data sources are most useful
- Triage TAP alerts and investigate security incidents
- Differentiate between sources of threat actor intelligence
- Describe the features and benefits of TAP
- Actively hunt for unknown attackers
Course outline:
- Introduction to TAP
  - TAP User Interface
  - Mandiant Query Language
- Communications Broker and Cloud Collector
  - TAP architecture
  - Communications Broker
  - Cloud Collector
- Data Sources
  - Data source selection
- FireEye Intel Center
  - Main features
  - FIC user interface
  - Central Intelligence Hubs
  - Categories and subcategories
  - Analysis tools
  - Community Threat Intelligence
- Event Response Workflow
  - Event response process
- Rules and Detection
  - FireEye rules and customer rules
  - Intelligence-based and behavior-based rules
  - Creating customer rules
  - TAP taxonomy
  - Classes and metaclasses
  - Regular expressions
- Hunting in TAP
  - Hunting investigation technique
  - Environment baselines
  - Risk-based approach
  - Aggregation using Groupby
  - Behavioral rules
Lessons are typically a blend of lecture and hands-on lab activities.
Prerequisites:
- Functional knowledge of networking and network security.
- A working understanding of the Windows registry, operating system, and command line interface.
Who should attend: network security professionals and incident responders.