Trellix XDR

Training Overview

This four-day primer on Helix, Network, & Endpoint covers the XDR workflow, extended detection via Trellix Helix, Trellix Network Security, & Trellix Endpoint Security (HX), & investigation & response using Helix, Network, & Endpoint tools.

Duration: 4 days

Prerequisites

It is recommended that professionals have a working knowledge of Microsoft Windows administration, system administration concepts, a basic understanding of computer security concepts, & a general understanding of Internet services.

Audience Profile

Incident response team members, threat hunters & information security professionals.

Learning Objectives:

After completing this training, learners should be able to:

  • Identify the components needed to deploy Trellix Helix, Network Security & Endpoint Security (HX)
  • Determine which data sources are most useful for Helix detection & investigation
  • Locate & use critical information in a Helix alert to assess a potential threat
  • Comfortably pivot from the Helix web console to native Trellix tools for deep analysis
  • Validate Network Security & Endpoint Security (HX) alerts
  • Use specialized features of Network Security & Endpoint Security (HX) to investigate & respond to potential threats across enterprise systems & endpoints.

Content Outline

Helix Fundamentals

  1. Helix overview
  2. Features & Capabilities
  3. Searching & pivoting
  4. 3rd party data sources
  5. Custom dashboards

Search, Mandiant Query Language (MQL), & Lists

  1. Searchable fields
  2. Anatomy of an MQL search
  3. MQL search, directive, & transform clauses
  4. Creating & using lists

Rules

  1. Creating & enabling rules
  2. Using regular expressions in rules
  3. Helix analytics
  4. Multi-stage rules

Initial Alerts

  1. Helix alerts
  2. Guided investigations
  3. Endpoint Security (HX) alerts
  4. Network Security alerts

Helix Case Management

  1. Creating a case in Helix
  2. Adding events to a case
  3. Case workflow

Data Sources, Trends & the Attack Lifecycle

  1. Threat Landscape
  2. Attack motivations
  3. MITRE ATT&CK framework
  4. Emerging threat actors

Using Audit Viewer & Redline®

  1. Access triage & data collection for hosts
  2. Navigate a triage collection or acquisition using Audit Viewer
  3. Apply tags & comments to a triage collection to identify key events

Windows telemetry & acquisitions

  1. Live forensic overview
  2. Windows telemetry
    1. Memory artefacts
    2. System information
    3. Processes
    4. File system
    5. Configuration files
    6. Services
    7. Scheduled tasks
    8. Logging
  3. Acquiring data
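
As an added example (not part of the Radiant or Trellix course material), the following Windows PowerShell script performs a minimal live-triage collection of the artefact classes listed in this section and writes them as CSV files with a SHA-256 manifest. It assumes an elevated Windows PowerShell 5.1 or later session; $OutDir and the seven-day look-back window are assumptions chosen for illustration, and the command line in event 4688 is only present when the process-creation audit policy is configured to include it. Memory artefacts are deliberately not collected here, since they require a dedicated acquisition tool.

```powershell
# Added example, not part of the Trellix course material: a minimal live-triage
# collection of the artefact classes listed in this section, written as CSV
# with a SHA-256 manifest.
# Assumptions: elevated Windows PowerShell 5.1+ session; $OutDir is a
# hypothetical output location; command lines appear in event 4688 only if the
# process-creation audit policy includes them.
param(
    [string]$OutDir = "C:\Triage\$($env:COMPUTERNAME)_$(Get-Date -Format 'yyyyMMdd_HHmmss')"
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$since = (Get-Date).AddDays(-7)   # look-back window for logs and file changes (assumed)

# System information: host name, OS build, install date and last boot time
Get-CimInstance Win32_OperatingSystem |
    Select-Object CSName, Caption, Version, InstallDate, LastBootUpTime |
    Export-Csv (Join-Path $OutDir 'system.csv') -NoTypeInformation

# Processes: Win32_Process carries the parent PID and full command line,
# which Get-Process does not expose
Get-CimInstance Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate |
    Export-Csv (Join-Path $OutDir 'processes.csv') -NoTypeInformation

# Services: PathName and StartName show which binary runs and under which account
Get-CimInstance Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, PathName, StartName |
    Export-Csv (Join-Path $OutDir 'services.csv') -NoTypeInformation

# Scheduled tasks, one row per action so the executed command is visible
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        [pscustomobject]@{
            TaskPath  = $task.TaskPath
            TaskName  = $task.TaskName
            State     = $task.State
            Author    = $task.Author
            Execute   = $action.Execute
            Arguments = $action.Arguments
        }
    }
} | Export-Csv (Join-Path $OutDir 'scheduled_tasks.csv') -NoTypeInformation

# Configuration: the Run/RunOnce autostart keys, a common persistence location
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Value = $_.Value } }
} | Export-Csv (Join-Path $OutDir 'autostart_registry.csv') -NoTypeInformation

# Logging: logons (4624) and process creation (4688) from the Security log,
# new service installs (7045) from the System log
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4688; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv (Join-Path $OutDir 'security_events.csv') -NoTypeInformation
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv (Join-Path $OutDir 'system_events.csv') -NoTypeInformation

# File system: recently written executables and scripts in user-writable paths
Get-ChildItem -Path $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC -Recurse -Force -Include *.exe, *.dll, *.ps1, *.bat, *.vbs -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Export-Csv (Join-Path $OutDir 'recent_files.csv') -NoTypeInformation

# Memory artefacts are not captured here; they need a dedicated acquisition tool.
# Hash every collected file (computed before the manifest exists) so the set
# can be verified after transfer off the host.
$hashes = Get-ChildItem -Path $OutDir -File | Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash
$hashes | Export-Csv (Join-Path $OutDir 'manifest_sha256.csv') -NoTypeInformation
```

Run it as `.\triage.ps1 -OutDir D:\Cases\host01` (a hypothetical path) from an elevated prompt. Every query reads through CIM, the registry provider or the event log rather than spawning external tools, which keeps the collector's own footprint on the host small and recognizable when the process and event output is reviewed later.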

Investigation Methodology

  1. MITRE ATT&CK framework
  2. Mapping evidence of attacker activity
    1. Evidence of initial compromise
    2. Evidence of persistence
    3. Evidence of lateral movement
    4. Evidence of internal reconnaissance
    5. Evidence of data exfiltration

Capstone: Capture the Flag (CTF)

FAQs

Trellix Endpoint Security (ENS) uses a common service layer & a new anti-malware core engine that reduces the resources & power required on a user's system, so protection does not come at the cost of user productivity. Note that the course above covers Trellix Endpoint Security (HX), the former FireEye endpoint agent, which is a separate product from ENS.

The primary advantages of Extended Detection & Response (XDR) are:

  • Improved protection, detection, & response capabilities.
  • Improved productivity of security operations personnel.
  • Lower total cost of ownership for effective detection & response to security threats.

Extended detection & response (XDR) collects threat data from previously siloed security tools across an organization's technology stack for easier & faster investigation, threat hunting, & response. An XDR platform can collect security telemetry from endpoints, cloud workloads, the network, email, & more.

The MITRE ATT&CK® framework is a knowledge base of adversary tactics & techniques, drawn from real-world observations, that threat hunters, defenders & red teams use to classify attacks, reason about attribution & objectives, & assess an organization's risk.

Radiant Tech Learning has a data center hosting the virtual training environment used for hands-on practice. Professionals access these labs over the cloud through a remote desktop connection, so Radiant virtual labs can be used from anywhere in the world & at any time.

Learners work on real-world, industry-oriented projects during the training program. These projects build skills & knowledge & provide practical experience that carries over to future tasks & assignments.

You can request a refund if you do not wish to enroll in the training.

Radiant applies a highly selective process for the technology trainers & professionals who deliver its training programs. Trainers undergo rigorous technical & behavioural interviews & assessments before they are on-boarded.

Our technology experts & trainers have deep knowledge of the technical subject & are certified by the OEM.

Our training programs are practically oriented, with 70–80% of the time spent hands-on with the technology tools. The program combines one-on-one interaction with each professional, up-to-date curriculum content, & real-time projects & case studies.

Our faculty teach each subject from the fundamentals in an accessible way, & you are free to put questions to your faculty at any time.

Our trainers have the patience & the depth & breadth of knowledge to explain difficult concepts simply.

To ensure quality learning, we provide a support session even after the training program.
