Training Overview
This training covers the fundamentals of live analysis & investigation for endpoints with Trellix Endpoint Security (HX).
Duration: 3 days
Prerequisites
A working understanding of networking & network security, the Windows operating system, file system, registry & regular expressions. Scripting experience with Python or PowerShell is beneficial.
Audience Profile
Network security professionals & incident responders who must use Trellix Endpoint Security (HX) to investigate, identify & stop cyber threats, as well as security analysts who want to learn investigation techniques used to respond to today's cyber threats.
Learning Objectives:
After completing this training, learners should be able to:
- Describe methods of live analysis
- Use core analyst features of Endpoint Security (HX) such as alerting, enterprise search, & containing endpoints
- Validate & provide further context for Trellix alerts
- Demonstrate the ability to plan, execute & report on a digital investigation
- Analyze a Redline® triage package using a defined methodology
- Identify malicious activity hidden among common Windows events.
Content Outline
1. Threats & Malware Trends
- Threat Landscape
- Attack motivations
- MITRE ATT&CK framework
- Emerging threat actors
2. Initial Alerts
- Trellix Endpoint Security (HX) alerts
- Triage with Triage Summary
- Trellix Network Security alerts
- Identifying forensic artifacts in the OS Change detail
- Mapping artifacts in an alert to host activity
3. Using Audit Viewer & Redline®
- Access triage & data collections for hosts.
- Navigate a triage collection or acquisition using Redline® or Audit Viewer
- Apply tags & comments to a triage collection to identify key events
4. Windows Telemetry
- Live investigation overview
- Windows telemetry
– Memory artifacts
– System information
– Processes
– File system
– Configuration files
– Services
– Scheduled tasks
– Logging
- Choosing Data to acquire
1. Acquisitions
- Triage & real-time events
- Live system acquisitions
- Bulk Acquisitions
- Endpoint Security (HX) REST API
2. Endpoint Security (HX) extended capabilities
- Endpoint Security (HX) modules
- HXTool
1. Investigation Methodology
- MITRE ATT&CK framework
- Mapping evidence of attacker activity:
– Evidence of initial compromise
– Evidence of persistence
– Evidence of lateral movement
– Evidence of internal reconnaissance
– Evidence of data exfiltration
2. Capstone Capture the Flag (CTF)
FAQs
Endpoint security is a process of protecting devices like desktops, laptops, mobile phones, & tablets from malicious threats & cyberattacks. Endpoint security software allows businesses to protect devices that employees use for work, either on a network or in cloud, from cyber threats.
The MITRE ATT&CK® framework is a knowledge base of tactics & techniques designed for threat hunters, defenders & red teams to help classify attacks, identify attack attribution & objectives, & assess an organization's risk.
A working understanding of networking & network security, the Windows operating system, file system, registry & regular expressions. Scripting experience with Python or PowerShell is beneficial.
Yes, professionals can pay from the training page.
The training completion certification will be awarded to all the professionals who've completed the training program & the project assignment given by your instructor. You may use the certificate in your future job interviews will surely help you to l& your dream job.
Radiant believes in a practical & creative approach to training & development, which distinguishes it from other training & developmental platforms. Moreover, training is undertaken by some experts with a range of experience in their domain.
Radiant team of experts will be available at e-mail support@radianttechlearning.com to answer your technical queries even after the training program.
Yes, Radiant will provide you most updated high, value-relevant real-time projects & case studies in each training program.