Network Forensics (PX Series) Utilization [ILT]

Version 13

    Courses cannot be purchased or accessed from this site. If you would like to register for this course, please contact your FireEye account manager.

    FireEye Network Forensics (PX Series) allows you to identify and resolve security incidents faster by capturing and indexing full packets at extremely rapid speeds. With PX, you can detect a broad array of security incidents, improve the quality of your response and precisely quantify the impact of each incident.

     

    This one-day course is a primer on PX, covering deployment options, basic administration, and core functionality. Hands-on activities include appliance administration, searching and filtering captured data, and reconstruction of sessions from captured packet data.

     

    This course is the recommended starting point for anyone who uses a PX.

    Course Objectives

    Upon completion of the course, the learner should be able to:

    • Describe PX
    • Illustrate how PX appliances are deployed in a typical network
    • Search and filter connection and session data using PX
    • Reconstruct session data for a malicious breach using PX

     

    Course Outline

    1. Network Forensics Overview
      • What is PX?
      • Purpose of PX
      • What is IA?
      • Purpose of IA
      • The breach response
      • Analysis of an APT breach response
    2. Network Forensics Deployment
      • Network core
      • Near network ingress and egress
      • PX and NX in SPAN/TAP mode
      • PX and NX in inline mode
      • IA and PX relationship
      • PX and IA
      • Distributed IA deployment
      • Network forensics: FireEye integrations
    3. PX Utilization
      • Accessing the WebUI
      • PX search
      • Performing a search
      • Search results
      • Filtering
      • Filter Builder
      • Saving the search
      • Saved searches
      • Event-based capture

    Lessons are typically a blend of lecture and hands-on lab activities.

     

    Prerequisites

    A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI.

     

    Target Audience

    Network security professionals and incident responders.