FireEye Security Orchestrator (FSO) helps you improve response times, reduce risk exposure, and maintain process consistency across your security program. It unifies disparate technologies and incident handling processes into a single console that codifies experiences from the frontlines to deliver real-time guided responses.
This self-paced online course provides an introduction to the FireEye Security Orchestrator product, including plug-ins used to interface with external applications, courses of action (COA) used to for security process implementation, and managing cases generated from a COA.
Upon completion of the course the learner should be able to:
- Provide an overview of FSO
- Describe the components that enable FSO to interface with external applications
- Provide an analysis of a COA by describing the function of each component of the COA
- Manage cases that are generated as a result of the execution of a COA
- Tier 1 and Tier 2 security managers, incident responders, and/or analysts
- FSO Overview
- What is FSO?
- Benefits of orchestration
- FSO architecture and components
- Logging into the FSO Web UI
- The FSO dashboard
- FSO Web UI Pages Overview
- Interfacing With External Applications
- Demo: Configuring FSO to interface with external applications
- Characteristics of a plug-in
- Plug-In commands
- Verify commands
- Create a device
- Create an adapter
- Courses of Action
- COA components
- Demo: Configuring a simple COA
- The Abuse Mailbox example
- Device tasks
- Operator-initiated tasks
- Gateways and conditions
- Managing Cases
- Demo: Triggering a COA and viewing case results
- Case summary components
- Case detail panels
- Detailed case information
- Tasks views and Flows views
Students should have:
- completed at least one of FireEye’s Deployment courses (ILT or eLearning) or possess experience administrating one of FireEye’s appliances
- familiarity with networking, network security
This course is self-paced, so duration may vary. On average, this course should take about two to three hours to complete. The course does not need to be completed in a single sitting.
This course was designed to work in all modern desktop browsers (Chrome, Firefox, Safari, Internet Explorer 10+, Microsoft Edge) and tablets (such as iPad). While it may work on mobile phones, we do not officially support phones and suggest using a desktop or tablet to view the course.
Please contact your FireEye account manager for details.