FireEye Network Forensics (PX Series) and Investigation Analysis (IA Series) are a powerful combination, pairing the industry's fastest lossless network data capture and retrieval solution with centralized analysis and visualization. PX and IA accelerate the network forensics process with a single workbench that simplifies investigations and reduces risk with expanded visibility into lateral spread.
This one-day course begins with an overview of PX and IA, including common deployment scenarios in a typical network. The PX Utilization module covers end-user tasks, including searching and filtering captured data and reconstructing sessions from captured packet data. The IA Utilization module addresses constructing queries to search indexed layer-7 data, visualizing parallel queries, filtering the resulting data, and extracting pcap files from connected PX systems.
The course materials include an intuitive administration reference section that covers readiness of both PX and IA systems, integration between them, and other daily administration tasks.
Upon completion of the course the learner should be able to:
- Describe PX
- Describe IA
- Illustrate how PX is deployed
- Illustrate how IA is deployed
- Search and filter connection and session data using PX
- Reconstruct session data for a malicious breach using PX
- Construct layer-7 search queries and filter results using IA
- Extract pcap data from PX using the IA user interface
The course outline covers:
- Network Forensics overview
  - What is PX?
  - Purpose of PX
  - What is IA?
  - Purpose of IA
  - The breach response
  - Analysis of breach response
- Network Forensics Deployment
  - Network core
  - Near network ingress and egress
  - PX and NX in SPAN/TAP mode
  - PX and NX in inline mode
  - IA and PX relationship
  - PX and IA
  - Distributed IA deployment
  - Network forensics: FireEye integrations
- PX Utilization
  - Accessing the WebUI
  - PX search
  - Performing a search
  - Search results
  - Filter Builder
  - Saving the search
  - Saved searches
  - Event-based capture
- IA Utilization
  - IA WebUI and dashboards
  - Working with pcaps
Lessons are typically a blend of lecture and hands-on lab activities.
Prerequisites: a working understanding of networking and network security, the Windows operating system, its file system and registry, and use of the command-line interface (CLI).
Intended audience: network security professionals, incident responders, and analysts.