Alert Analysis & Investigations with Network Security

Training Overview

This three-day training examines how to triage alerts generated by Trellix Network Security, derive actionable information from those alerts, & apply the fundamentals of live analysis & investigation to the associated endpoints.

Duration: 3 days

Prerequisites

A working understanding of networking & network security, the Windows operating system, file system, registry & regular expressions, & experience scripting in Python.

Audience Profile

Security analysts, incident responders, & network security professionals who use Trellix Network Security to detect, investigate, & prevent cyber threats.

Learning Objectives:

After completing this training, learners should be able to:

  • Recognize current malware threats & trends
  • Interpret alerts from Network Security & Endpoint Security (HX) products
  • Locate & use critical information in Trellix alerts to assess a potential threat
  • Define indicators of compromise based on an alert & identify compromised hosts
  • Describe methods of live analysis
  • Create & request data acquisitions to conduct an investigation
  • Define common characteristics of Windows processes & services
  • Investigate a Redline® triage collection using a defined methodology
  • Identify malicious activity hidden among common Windows events
  • Validate & provide further context for alerts using Redline®

Content Outline

1. Threats & Malware Trends

  • Threat landscape
  • Attack motivations
  • MITRE ATT&CK framework
  • Emerging threat actors

2. Initial Alerts

  • Endpoint Security (HX) alerts
  • Triage with Triage Summary
  • Network Security Alerts
  • Identifying forensic artifacts in the OS Change Detail


3. MVX Alerts

  • Trellix alert types
  • Identifying forensic artifacts in the OS Change Detail
  • Callbacks
  • SmartVision
  • Threat assessment

4. Using Audit Viewer & Redline®

  • Access triage & data collection for hosts
  • Navigate a triage collection or acquisition using Redline® or Audit Viewer
  • Apply tags & comments to a triage collection to identify key events


5. Windows Telemetry & Acquisitions

  • Live forensic overview
  • Windows telemetry
    – Memory artifacts
    – System information
    – Processes
    – File system
    – Configuration files
    – Services
    – Scheduled tasks
    – Logging
  • Acquiring data

6. Investigation Methodology

  • Areas of evidence
  • MITRE ATT&CK framework
  • Mapping evidence of attacker activity
    – Evidence of initial compromise
    – Evidence of persistence
    – Evidence of lateral movement
    – Evidence of internal reconnaissance
    – Evidence of data exfiltration

7. Capstone: Capture the Flag (CTF)

FAQs

This three-day training examines how to triage alerts generated by Trellix Network Security, derive actionable information from those alerts, & apply the fundamentals of live analysis & investigation to the associated endpoints.

Endpoint Detection & Response (EDR), also referred to as endpoint detection & threat response (EDTR), is an endpoint security solution that continuously monitors end user devices to detect & respond to cyber threats like ransomware & malware.

Security analysts, incident responders, & network security professionals who use Trellix Network Security to detect, investigate, & prevent cyber threats.

Yes, you can.

We use the best standards in Internet security. Any data retained isn't shared with third parties.

It is recommended but not mandatory. Being acquainted with the primary training material will enable professionals & the trainer to move at the desired pace during classes. You can access training for most vendors.

You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.

Yes, professionals can pay from the training page.

The training completion certificate will be awarded to all professionals who've completed the training program & the project assignment given by your instructor. You may use the certificate in your future job interviews; it will surely help you land your dream job.



  • Enroll
    • Learning Format: ILT
    • Duration: 80 Hours
    • Training Level: Beginner
    • Jan 29th: 8:00 - 10:00 AM (Weekend Batch)
    • Price: INR 25000
    • Learning Format: VILT
    • Duration: 50 Hours
    • Training Level: Beginner
    • Validity Period: 3 Months
    • Price: INR 6000
    • Learning Format: Blended Learning (Highly Interactive Self-Paced Courses + Practice Lab + VILT + Career Assistance)
    • Duration: 160 Hours (50 Hours Self-paced courses + 80 Hours of Boot Camp + 20 Hours of Interview Assistance)
    • Training Level: Beginner
    • Validity Period: 6 Months
    • Jan 29th: 8:00 - 10:00 AM (Weekend Batch)
    • Price: INR 6000