Network Forensics (PX Series) Utilization and Investigation Analysis (IA Series) [ILT]

Version 23

    Courses cannot be purchased or accessed from this site. If you would like to register for this course, please contact your FireEye account manager.

    FireEye Network Forensics (PX Series) and Investigation Analysis (IA Series) are a powerful combination, pairing the industry's fastest lossless network data capture and retrieval solution with centralized analysis and visualization. PX and IA accelerate the network forensics process with a single workbench that simplifies investigations and reduces risk with expanded visibility into lateral spread.

     

    This one-day course begins with an overview of PX and IA, including common deployment scenarios in a typical network. The PX Utilization module covers end-user tasks, including searching and filtering captured data and reconstructing sessions from captured packet data. The IA Utilization module addresses constructing queries to search indexed layer-7 data, visualizing parallel queries, filtering the resulting data, and extracting pcap files from connected PX systems.

     

    The course materials include an intuitive administration reference section that covers readiness of both PX and IA systems, integration between them, and other daily administration tasks.

     


     

    Course Objectives

    Upon completion of the course, the learner should be able to:

    • Describe PX
    • Describe IA
    • Illustrate how PX is deployed
    • Illustrate how IA is deployed
    • Search and filter connection and session data using PX
    • Reconstruct session data for a malicious breach using PX
    • Construct layer-7 search queries and filter results using IA
    • Extract pcap data from PX using the IA user interface

     

    Course Outline

    1. Network Forensics overview
      • What is PX?
      • Purpose of PX
      • What is IA?
      • Purpose of IA
      • The breach response
      • Analysis of breach response
    2. Network Forensics Deployment
      • Network core
      • Near network ingress and egress
      • PX and NX in SPAN/TAP mode
      • PX and NX in inline mode
      • IA and PX relationship
      • PX and IA
      • Distributed IA deployment
      • Network forensics: FireEye integrations
    3. PX Utilization
      • Accessing the WebUI
      • PX search
      • Performing a search
      • Search results
      • Filtering
      • Filter Builder
      • Saving the search
      • Saved searches
      • Event-based capture
    4. IA Utilization
      • IA WebUI and dashboards
      • Queries
      • Alerts
      • Working with pcaps

     

    Lessons are typically a blend of lecture and hands-on lab activities.

     

    Prerequisites

    A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the CLI.

     

    Target Audience

    Network security professionals, incident responders, and analysts.