Alert Triage with Malware Analysis

Training Overview

This training is designed to prepare learners to perform alert triage from MVX engine analysis using the Trellix Malware Analysis appliance.

Duration: 1 day

Prerequisites

A working understanding of networking & network security, the Windows operating system, file system, registry, & use of the command line interface (CLI).

Audience Profile

Security professionals & incident responders who use Trellix Malware Analysis to detect, investigate, & prevent cyber threats.

Learning Objectives

After completing this training, learners should be able to:

  • Describe malware behaviours, stages of attack (malware lifecycle) and current trends in the threat landscape
  • Explain the process & initial steps of conducting malware analysis
  • Differentiate between static & dynamic analysis
  • Understand the features & functions of the Malware Analysis appliance
  • Submit malware samples to the appliance for deep analysis & alert triage
  • Locate & use critical information in analysis results to assess a potential threat
  • Identify indicators of compromise in analysis results
  • Examine the use of YARA rules on Trellix appliances

Content Outline

  • Malware overview & definition
  • Motivations of malware
  • MITRE ATT&CK framework
  • Types of malware
  • Emerging threat actors
  • Features & benefits
  • Deployment & analysis modes
  • Configure batch Malware Analysis
  • Manually submit malware for analysis
  • Review analysis results
  • APIs
  • File & folder actions
  • Code injection
  • Processes
  • Mutexes
  • Windows Registry events
  • Network access
  • User Account Control (UAC)

FAQs


YARA rules analyze & detect potentially malicious textual or binary patterns within an email body, header, or attachment. Rules you write in a YARA file can be uploaded to the Email Cloud Web UI & assigned to a domain. YARA rules can be configured to monitor, alert, or alert & quarantine when email matches the patterns you specify in a YARA file.
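As an added illustration (not from the course or from Trellix documentation), here is a YARA rule of the kind the paragraph describes: it combines a binary pattern (the OLE2 compound-document signature used by legacy Office attachments) with textual patterns that mark a macro set to run automatically. The rule name, string names and the specific markers are assumptions chosen for this example.

```yara
rule Office_Attachment_AutoExec_Macro
{
    meta:
        description = "Triage aid: legacy OLE2 Office attachment carrying macro auto-execution markers"
        note        = "Constructed example for illustration, not a production rule"
    strings:
        // Binary pattern: OLE2 compound-document signature (legacy .doc/.xls)
        $ole2 = { D0 CF 11 E0 A1 B1 1A E1 }
        // Directory entry names are stored UTF-16LE inside the container
        $vba_dir = "_VBA_PROJECT" wide
        $macros  = "Macros" wide
        // Textual patterns: VBA procedures that run without user interaction
        $auto1 = "Auto_Open" ascii nocase
        $auto2 = "AutoOpen" ascii nocase
        $auto3 = "Document_Open" ascii nocase
        $auto4 = "Workbook_Open" ascii nocase
        // Textual patterns: capabilities a lure document rarely needs
        $cap1 = "WScript.Shell" ascii nocase
        $cap2 = "URLDownloadToFile" ascii nocase
        $cap3 = "CreateObject" ascii nocase
    condition:
        $ole2 at 0 and ($vba_dir or $macros)
        and 1 of ($auto*)
        and 1 of ($cap*)
}
```

VBA source is stored compressed inside the module streams, so the ASCII markers only hit where the compressed data keeps them as literal runs; treat a match as a signal to prioritize the sample for deep analysis (the monitor, alert, or alert & quarantine action chosen for the domain), not as proof of malice.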

You can use a Mutex object to give exclusive access to a resource. The Mutex class uses more system resources than the Monitor class, but it can be marshalled across application domain boundaries, it can be used with multiple waits, & it can be used to synchronize threads in different processes.

Yes, you can.

We use the best standards in Internet security. Any data retained isn't shared with third parties.

It is recommended but not mandatory. Being acquainted with the primary training material will enable professionals & the trainer to move at the desired pace during classes. You can access training for most vendors.

You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.

Yes, professionals can pay from the training page.

The training completion certificate will be awarded to all professionals who have completed the training program & the project assignment given by the instructor. You may use the certificate in your future job interviews; it will surely help you land your dream job.
