Alert Analysis & Investigations with Network & Endpoint Security

Training Overview

This four-day training examines how to triage alerts generated by the Trellix Network Security & Endpoint Security (HX) platforms, derive actionable information from those alerts, & inspect affected endpoints using live analysis & investigation fundamentals.

Duration: 4 days

Prerequisites

A working understanding of networking & network security, the Windows operating system, file system, registry & regular expressions, & experience scripting in Python

Audience Profile

Security analysts, incident responders, & threat hunters who use Trellix Network Security or Trellix Endpoint Security (HX) to detect, investigate, & prevent cyber threats.

Learning Objectives

After completing this training, learners should be able to:

  • Recognize current malware threats & trends
  • Interpret alerts from Network Security & Endpoint Security (HX) products
  • Locate & use critical information in Trellix alerts to assess a potential threat
  • Define indicators of compromise based on an alert & identify compromised hosts
  • Describe methods of live analysis
  • Create & request data acquisitions to conduct an investigation
  • Define common characteristics of Windows processes & services
  • Investigate data collection from Endpoint Security (HX) using a defined methodology

Content Outline

1. Threats & Malware Trends

  • Threat Landscape
  • Attack motivations
  • MITRE ATT&CK framework
  • Emerging threat actors

2. Initial Alerts

  • Endpoint Security (HX) alerts
  • Triage with Triage Summary
  • Network Security alerts
  • Identifying forensic artifacts in the OS Change Detail

3. MVX Alerts

  • Trellix alert types
  • Identifying forensic artifacts in the OS Change Detail
  • Callbacks
  • SmartVision
  • Threat assessment

4. Using Audit Viewer & Redline®

  • Access triage & data collection for hosts
  • Navigate a triage collection or acquisition using Redline® or Audit Viewer
  • Apply tags & comments to a triage collection to identify key events

5. Windows Telemetry & Acquisitions

  • Live forensic overview
  • Windows telemetry
    • Memory artifacts
    • System information
    • Processes
    • File system
    • Configuration files
    • Services
    • Scheduled tasks
    • Logging
  • Acquiring data

6. Acquisitions

  • Triage & real-time events
  • Live system acquisitions
  • Bulk acquisitions
  • Endpoint Security (HX)
  • REST API

7. Modules

  • Administration
  • Detection & Protection
  • Response

8. Investigation Methodology

  • MITRE ATT&CK framework
  • Mapping evidence of attacker activity
    • Evidence of initial compromise
    • Evidence of persistence
    • Evidence of lateral movement
    • Evidence of internal reconnaissance
    • Evidence of data exfiltration

FAQs

Trellix Endpoint Security (ENS) protects the productivity of users with a common service layer & our new anti-malware core engine that helps minimize the number of resources & power required by a user's system.

Radiant Tech Learning has a data centre containing a virtual training environment for professional hands-on practice. Professionals can easily access these labs over the cloud through a remote desktop connection. Radiant virtual labs give you the flexibility to learn from anywhere in the world & at any time.

Learners are engaged in real-world, industry-oriented projects during the training program. These projects will improve your skills & knowledge & give you practical experience. These real-time projects will help you a great deal in your future tasks & assignments.

You can request a refund if you do not wish to enroll in the training.

Radiant has highly selective criteria for the technology trainers & professionals who deliver its training programs. Our trainers & professionals undergo rigorous technical & behavioural interviews & assessments before they are on-boarded into the company.

Our technology experts, trainers & professionals have in-depth knowledge of the technical subject & are certified by the OEM.

Our training programs are practically oriented, with 70% – 80% hands-on training on the technology tools. Our training program focuses on one-on-one interaction with each professional, the latest curriculum content, & real-time projects & case studies during the training program.

Our faculty will teach each subject from the fundamental level in an accessible way, & you are free to ask your respective faculty questions at any time.

Our trainers have the patience & ability to explain difficult concepts in a simple way, backed by depth & breadth of knowledge.

To ensure quality learning, we provide a support session even after the training program.