Radiant

Training Overview

This training covers the Trellix Helix workflow, triaging Helix alerts, creating & scoping cases from an alert, & using Helix Threat Analytics during an investigation.

Duration: 2 days

Prerequisites

A working understanding of networking & network security, the Windows operating system, file system, registry, & use of the command line interface (CLI).

Audience Profile

Network security professionals, incident responders & Trellix administrators & analysts who use Threat Analytics to analyze data in noisy event streams.

Learning Objectives:

After completing this training, learners should be able to:

Determine which data sources are most useful for Helix detection & investigation
Search log events across the enterprise
Locate & use critical information in a Helix alert to assess a potential threat
Create a case from events of interest
Create & manage IAM users

Content Outline

Day 1

1. Helix Fundamentals

Introducing Helix
Features & Capabilities
Searching & pivoting
Event parsing
Custom dashboards

2. Search & Mandiant Query

Language (MQL)
Searchable fields
Anatomy of an MQL search
MQL search, directories, & transform clauses

Day 2

1. Data Source Selection & the MITRE ATT&CK framework

Data sources for detection & investigation
Attack models to frame data source selection
Using the MITRE ATT&CK framework
Mapping attacker activity to the stages of an APT attack

2. Rules & Lists

Best practices for writing rules
Creating & enabling rules
Creating & using lists
Using regular expressions in rules
Multi-stage rules

3. Initial Alerts

Helix alerts
Guided Investigations
Trellix Network Security alerts
MVX engine
Trellix Endpoint Security alerts
Triage with Triage Summary
Run searches across all hosts in the enterprise

4. Helix Case Management

Creating a case in Helix
Adding events to a case
Case workflow

FAQs

What is the role of Trellix Helix Enterprise?

Trellix Helix Enterprise integrates your security tools & augments them with next-generation security information & event management (SIEM), orchestration, & threat intelligence capabilities to capture the untapped potential of security investments.

What is a command-line interface?

A command-line interface (CLI) is a text-based user interface (UI) used to run programs, manage computer files & interact with the computer. Command-line interfaces are also called command-line user interfaces, console user interfaces & character user interfaces.

Who can attend this training?

Network security professionals, incident responders & Trellix administrators & analysts who use Threat Analytics to analyze data in noisy event streams.

What is MITRE Att&ck used for?

MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) is a framework, set of data matrices, & assessment tool developed by MITRE Corporation to help organizations understand their security readiness & uncover vulnerabilities in their defenses.

How can we pay? Do you have a payment link?

You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.

Can I pay from the website?

Yes, professionals can pay from the training page.

Will I get a training completion certificate?

The training completion certification will be awarded to all the professionals who've completed the training program & the project assignment given by your instructor. You may use the certificate in your future job interviews will surely help you to l& your dream job.

Why should one prefer Radiant Techlearning?

Radiant believes in a practical & creative approach to training & development, which distinguishes it from other training & development platforms. Moreover, training is undertaken by some experts with a range of experience in their domain.

What if I/we have doubts after attending your training program?

Radiant team of experts will be available at e-mail support@radianttechlearning.com to answer your technical queries even after the training program.

Send a Message.

Enroll