Network Traffic Analysis with Network Forensics

Training Overview

This training covers the fundamentals & concepts of network traffic analysis—how to search, filter, analyze, reconstruct, & preserve network traffic; & how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

Duration: 2 days

Prerequisites

A working understanding of networking & network security and knowledge of Wireshark are recommended.

Audience Profile

Network security professionals & incident responders who use Trellix Packet Capture & Investigation Analysis appliances to analyze cyber threats through packet data.

Learning Objectives

After completing this training, learners should be able to:

  • Describe networking models, network data, critical application protocols, network flow, & common attacks on protocols
  • Perform network traffic analysis & investigations using Trellix Network Forensics
  • Customize the analysis environment with dashboards, network visualizations, scheduled queries, & lists
  • Reconstruct carved artifacts/files from network packet data & submit them for malware analysis
  • Investigate an advanced persistent threat (APT) attack based on aggregated alerts & network traffic anomalies

Content Outline

1. Appliance Overview & Network Placement

  • Trellix Packet Capture
  • Trellix Investigation Analysis
  • Analysis workflow example
  • The Trellix Packet Capture and Trellix Investigation Analysis relationship
  • Common deployments


2. Network Traffic Analysis Foundations

  • Network models & encapsulation: TCP/IP, UDP
  • The three-way handshake
  • Network forensics data
  • Packet captures
  • Flow data
  • Network flow analysis
  • Critical application protocols
  • Protocols in the TCP/IP stack
  • Common attacks on protocols


3. Queries, Reconstruction & Alerts with Investigation Analysis

  • Working with dashboards
  • Searching for network data
  • Constructing queries
  • Network metadata analysis
  • Stacking metadata
  • Filtering traffic using network metadata
  • Scheduling queries & reporting
  • Lists
  • Extracting endpoint information
  • Trellix alerts from integrated appliances
  • Configuring event-based capture rule sets
  • Working with rule sets
  • Network data reconstruction

1. Network Investigation Scenario

  • Investigation tools
  • Six steps of an attack
  • Common indicators of compromise
  • Threat group overview
  • Trellix Network Forensic investigations
  • Documenting the investigation
  • Threat group intelligence
  • Attack phases covered in class
  • Investigation labs overview


2. Starting with Leads

  • Alerts on Trellix Investigation Analysis
  • Alerts on Trellix Network Security
  • Unusual HTTP user agents
  • Unusual POST requests
  • Trellix Investigation Analysis components
  • Other possible leads


3. Investigating the Leads

  • Dive deeper
  • HTTP artifacts analysis
  • Encrypted flows
  • Email analysis


4. Investigation Summary & Conclusions

  • Investigation summary
  • Stages of the attack
  • Creating a case

FAQs

This training covers the fundamentals & concepts of network traffic analysis—how to search, filter, analyze, reconstruct, & preserve network traffic; & how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

After completing this training, learners should be able to:

  • Describe networking models, network data, critical application protocols, network flow, & common attacks on protocols
  • Perform network traffic analysis & investigations using Trellix Network Forensics
  • Customize the analysis environment with dashboards, network visualizations, scheduled queries, & lists
  • Reconstruct carved artifacts/files from network packet data & submit them for malware analysis

Trellix Network Forensics pairs the industry's fastest lossless network data capture & retrieval solution with centralized analysis & visualization. It accelerates the network forensics process with a single workbench that simplifies investigations & reduces risk.

A working understanding of networking & network security and knowledge of Wireshark are recommended.

To attend the training session, you should have an operational desktop or laptop that meets the required specifications, along with a reliable internet connection to access the labs.

We'd always recommend attending the live session so you can practice, clarify doubts immediately & get more value from your investment. However, if due to some contingency you have to skip a class, Radiant Tech Learning will provide you with the recorded session for that particular day. Those recorded sessions are meant only for personal consumption & NOT for distribution or any commercial use.

Yes, you can.

Radiant has highly intensive selection criteria for the Technology Trainers & Professionals who deliver our training programs. Our trainers & professionals undergo rigorous technical & behavioural interviews & assessments before they are onboarded by the company.

Our Technology experts/trainers & professionals carry deep-dive knowledge in the technical subject & are certified by the OEM.

Our training programs are practically oriented, with 70%–80% hands-on training on the technology tools. Our training program focuses on one-on-one interaction with each professional, the latest content in the curriculum, and real-time projects & case studies during the training program.

Our faculty will teach each topic from the fundamental level in an accessible way, & you are free to raise your doubts with your faculty at any time.

Our trainers have the patience & ability to explain difficult concepts in a simple way, with both depth & breadth of knowledge.

To ensure quality learning, we provide a support session even after the training program.
