FireEye Network Forensics (PX Series) allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With PX, you can detect a broad array of security incidents, improve the quality of your response and precisely quantify the impact of each incident.
This one-day course is a primer on PX, covering deployment options, basic administration, and core functionality. Hands-on activities include appliance administration, searching and filtering captured data, and reconstruction of sessions from captured packet data.
This course is the recommended starting point for anyone who uses a PX.
Upon completion of the course, the learner should be able to:
- Describe PX
- Illustrate how PX appliances are deployed in a typical network
- Search and filter connection and session data using PX
- Reconstruct session data for a malicious breach using PX
- Network Forensics Overview
  - What is PX?
  - Purpose of PX
  - What is IA?
  - Purpose of IA
  - The breach response
  - Analysis of an APT breach response
- Network Forensics Deployment
  - Network core
  - Near network ingress and egress
  - PX and NX in SPAN/TAP mode
  - PX and NX in inline mode
  - IA and PX relationship
  - PX and IA
  - Distributed IA deployment
  - Network forensics: FireEye integrations
- PX Utilization
  - Accessing the WebUI
  - PX search
  - Performing a search
  - Search results
  - Filter Builder
  - Saving the search
  - Saved searches
  - Event based capture
Lessons are typically a blend of lecture and hands-on lab activities.
Learners should have a working understanding of networking and network security, the Windows operating system, file system, and registry, and use of the CLI.
This course is intended for network security professionals and incident responders.