This course covers the fundamentals of live analysis and investigation for endpoints with Trellix Endpoint Security (HX).
Hands-on activities span the entire investigation process, beginning with a Trellix-generated alert and leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Analysis of computer systems is performed using Trellix products and freely available tools.
Day 1
1. Threats and Malware Trends
2. Initial Alerts
3. Using Audit Viewer and Redline®
4. Windows Telemetry
Day 2
1. Acquisitions
2. Endpoint Security (HX) extended capabilities
Day 3
1. Investigation Methodology
2. Capstone Capture the Flag (CTF)
This course is intended for network security professionals and incident responders who must use Endpoint Security (HX) to investigate, identify and stop cyber threats, as well as security analysts who want to learn the investigation techniques used to respond to today's cyber threats.
Students taking this course should have a working knowledge of Windows operating systems, networking and network security, the file system, the registry, and regular expressions. Scripting experience with Python or PowerShell is beneficial.