This course examines how to triage alerts generated by the Trellix Network Security and Endpoint Security (HX) platforms, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals. Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert and leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Endpoint analysis focuses on investigation techniques using features of Endpoint Security (HX), such as the Triage Summary, Audit Viewer, and Acquisitions.
Day 1
Threats and Malware Trends
Initial Alerts
MVX Alerts
Day 2
Using Audit Viewer and Redline®
Windows Telemetry and Acquisitions
Day 3
Acquisitions
Modules
Day 4
Investigation Methodology
Capstone: Capture the Flag (CTF)
This course is intended for security analysts, incident responders, and threat hunters who use Network Security or Endpoint Security (HX) to detect, investigate, and prevent cyber threats.
Students taking this course should have a working knowledge of Windows operating systems, networking and network security, the Windows file system and registry, and regular expressions, as well as experience scripting in Python.