Cisco træning

Insoft Services er en af de få uddannelsesudbydere i EMEAR, der tilbyder hele spektret af Cisco-certificering og specialiseret teknologiuddannelse.

Lær hvordan

Cisco-certificeringer

Oplev en blandet læringsmetode, der kombinerer det bedste fra instruktørstyret træning og e-læring i eget tempo for at hjælpe dig med at forberede dig til din certificeringseksamen.

Lær hvordan

Cisco Learning Credits

Cisco Learning Credits (CLCs) er forudbetalte træningskuponer, der indløses direkte med Cisco, og som gør det nemmere at planlægge din succes, når du køber Cisco-produkter og -tjenester.

Lær hvordan

Cisco Efteruddannelse

Cisco Continuing Education Program tilbyder alle aktive certificeringsindehavere fleksible muligheder for at gencertificere ved at gennemføre en række kvalificerede træningselementer.

Lær hvordan

Cisco Digital Learning

Certificerede medarbejdere er VÆRDSATTE aktiver. Udforsk Ciscos officielle digitale læringsbibliotek for at uddanne dig selv gennem optagede sessioner.

Lær hvordan

Cisco Business Enablement

Cisco Business Enablement Partner Program fokuserer på at skærpe Cisco Channel Partners og kunders forretningsmæssige færdigheder.

Lær hvordan

Cisco kursuskatalog

Lær hvordan

Fortinet-certificeringer

Fortinet Network Security Expert (NSE) -programmet er et otte-niveau uddannelses- og certificeringsprogram for at undervise ingeniører i deres netværkssikkerhed for Fortinet FW-færdigheder og erfaring.

Lær hvordan

Fortinet træning

Insoft er anerkendt som Autoriseret Fortinet Training Center på udvalgte steder på tværs af EMEA.

Tekniske kurser

Fortinet kursuskatalog

Udforsk hele Fortinet-træningskataloget. Programmet omfatter en bred vifte af selvstændige og instruktørledede kurser.

Lær hvordan

ATC-status

Tjek vores ATC-status på tværs af udvalgte lande i Europa.

Lær hvordan

Fortinet Professionelle Services

Globalt anerkendte team af certificerede eksperter hjælper dig med at gøre en mere jævn overgang med vores foruddefinerede konsulent-, installations- og migreringspakker til en lang række Fortinet-produkter.

Lær hvordan

Microsoft træning

Insoft Services tilbyder Microsoft-undervisning i EMEAR. Vi tilbyder Microsoft tekniske kurser og certificeringskurser, der ledes af instruktører i verdensklasse.

Tekniske kurser

Extreme træning

Find all the Extreme Networks online and instructor led class room based calendar here.

Tekniske kurser

Tekniske certificeringer

Vi leverer omfattende læseplan for tekniske kompetencefærdigheder på certificeringspræstationen.

Lær hvordan

Extreme kursuskatalog

Lær hvordan

ATP-akkreditering

Som autoriseret uddannelsespartner (ATP) sikrer Insoft Services, at du får de højeste uddannelsesstandarder, der findes.

Lær hvordan

Løsninger og tjenester

Vi leverer innovativ og avanceret support til design, implementering og optimering af IT-løsninger. Vores kundebase omfatter nogle af de største Telcos globalt.

Lær hvordan

Globalt anerkendte team af certificerede eksperter hjælper dig med at gøre en mere jævn overgang med vores foruddefinerede konsulent-, installations- og migreringspakker til en lang række Fortinet-produkter.

Om os

Insoft tilbyder autoriseret uddannelses- og konsulentbistand til udvalgte IP-leverandører. Få mere at vide om, hvordan vi revolutionerer branchen.

Lær hvordan
  • +45 32 70 99 90
  • Network Traffic Analysis with Network Forensics

    Duration
    2 Dage
    Delivery
    (Online Og På stedet)
    Price
    Pris på forespørgsel

    This course covers the fundamentals and concepts of network traffic analysis—how to search, filter, analyze, reconstruct, and preserve network traffic; and how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

     

    Hands-on activities include building an analysis dashboard, executing queries, filtering results, and reconstructing network traffic. On Day 2, learners will pursue an alert and identify anomalies in network traffic to uncover and document indicators of compromise (IOCs) that build a case for a real-world advanced threat.

    • Describe networking models, network data, critical application protocols, network flow, and common attacks on protocols
    • Perform network traffic analysis and investigations using Trellix Network Forensics
    • Customize the analysis environment with dashboards, network visualizations, scheduled queries, and lists
    • Reconstruct carved artifacts/files from network packet data and submit them for malware analysis
    • Investigate an advanced persistent threat (APT) attack based on aggregated alerts and network traffic anomalies

    Day 1: Fundamentals

    Appliance Overview and Network Placement

    • Trellix Packet Capture
    • Trellix Investigation Analysis
    • Analysis workflow example
    • The Trellix Packet Capture and Trellix Investigation Analysis relationship
    • Common deployments

    Network Traffic Analysis Foundations

    • Network models and encapsulation: TCP/IP, UDP
    • The three-way handshake
    • Network forensics data
    • Packet captures
    • Flow data
    • Network flow analysis
    • Critical application protocols
    • Protocols in the TCP/IP stack
    • Common attacks on protocols

    Queries, Reconstruction and Alerts with Investigation Analysis

    • Working with dashboards
    • Searching for network data
    • Constructing queries
    • Network metadata analysis
    • Stacking metadata
    • Filtering traffic using network metadata
    • Scheduling queries and reporting
    • Lists
    • Extracting endpoint information
    • Trellix alerts from integrated appliances
    • Configuring event-based capture rule sets
    • Working with rule sets
    • Network data reconstruction

    Day 2: Investigation Workshop

    Network Investigation Scenario

    • Investigation tools
    • Six steps of an attack
    • Common indicators of compromise
    • Threat group overview
    • Trellix Network Forensics investigations
    • Documenting the investigation
    • Threat group intelligence
    • Attack phases covered in class
    • Investigation labs overview

    Starting with Leads

    • Alerts on Trellix Investigation Analysis
    • Alerts on Trellix Network Security
    • Unusual HTTP user agents
    • Unusual POST requests
    • Trellix Investigation Analysis components
    • Other possible leads

    Investigating the Leads

    • Dive deeper
    • HTTP artifacts analysis
    • Encrypted flows
    • Email analysis

    Investigation Summary and Conclusions

    • Investigation summary
    • Stages of the attack
    • Creating a case

    Network security professionals and incident responders who use Trellix Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.

    A working understanding of networking and network security, knowledge of Wireshark recommended.

    This course covers the fundamentals and concepts of network traffic analysis—how to search, filter, analyze, reconstruct, and preserve network traffic; and how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

     

    Hands-on activities include building an analysis dashboard, executing queries, filtering results, and reconstructing network traffic. On Day 2, learners will pursue an alert and identify anomalies in network traffic to uncover and document indicators of compromise (IOCs) that build a case for a real-world advanced threat.

    • Describe networking models, network data, critical application protocols, network flow, and common attacks on protocols
    • Perform network traffic analysis and investigations using Trellix Network Forensics
    • Customize the analysis environment with dashboards, network visualizations, scheduled queries, and lists
    • Reconstruct carved artifacts/files from network packet data and submit them for malware analysis
    • Investigate an advanced persistent threat (APT) attack based on aggregated alerts and network traffic anomalies

    Day 1: Fundamentals

    Appliance Overview and Network Placement

    • Trellix Packet Capture
    • Trellix Investigation Analysis
    • Analysis workflow example
    • The Trellix Packet Capture and Trellix Investigation Analysis relationship
    • Common deployments

    Network Traffic Analysis Foundations

    • Network models and encapsulation: TCP/IP, UDP
    • The three-way handshake
    • Network forensics data
    • Packet captures
    • Flow data
    • Network flow analysis
    • Critical application protocols
    • Protocols in the TCP/IP stack
    • Common attacks on protocols

    Queries, Reconstruction and Alerts with Investigation Analysis

    • Working with dashboards
    • Searching for network data
    • Constructing queries
    • Network metadata analysis
    • Stacking metadata
    • Filtering traffic using network metadata
    • Scheduling queries and reporting
    • Lists
    • Extracting endpoint information
    • Trellix alerts from integrated appliances
    • Configuring event-based capture rule sets
    • Working with rule sets
    • Network data reconstruction

    Day 2: Investigation Workshop

    Network Investigation Scenario

    • Investigation tools
    • Six steps of an attack
    • Common indicators of compromise
    • Threat group overview
    • Trellix Network Forensics investigations
    • Documenting the investigation
    • Threat group intelligence
    • Attack phases covered in class
    • Investigation labs overview

    Starting with Leads

    • Alerts on Trellix Investigation Analysis
    • Alerts on Trellix Network Security
    • Unusual HTTP user agents
    • Unusual POST requests
    • Trellix Investigation Analysis components
    • Other possible leads

    Investigating the Leads

    • Dive deeper
    • HTTP artifacts analysis
    • Encrypted flows
    • Email analysis

    Investigation Summary and Conclusions

    • Investigation summary
    • Stages of the attack
    • Creating a case

    Network security professionals and incident responders who use Trellix Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.

    A working understanding of networking and network security, knowledge of Wireshark recommended.

      Kommende datoer
      Dato på anmodning

    Follow Up Courses

    Filtrer
    • 2 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 3 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 4 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 4 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 4 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 1 Dag
      Dato på anmodning
      Price on Request
      Book Now
    • 4 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 2 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 4 Dage
      Dato på anmodning
      Price on Request
      Book Now
    • 5 Dage
      Dato på anmodning
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.