This course examines how to triage alerts generated by Trellix Network Security, derive actionable information from those alerts, and apply the fundamentals of live analysis and investigation to investigate associated endpoints.
Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert and proceeding to discovery and analysis of the affected host for evidence of malware and other unwanted intrusion. Analysis is performed using Trellix products and freely available tools.
Day 1
Threats and Malware Trends
Initial Alerts
MVX Alerts
Day 2
Using Audit Viewer and Redline®
Windows Telemetry and Acquisitions
Day 3
Investigation Methodology
Capstone: Capture the Flag (CTF)
This course is intended for security analysts, incident responders, and network security professionals who use Trellix Network Security to detect, investigate, and prevent cyber threats.
Students taking this course should have a working knowledge of networking and network security; the Windows operating system, file system and registry; regular expressions; and scripting experience in Python.