This course covers the XDR workflow, including configuring data sources through extended detection via Trellix Helix, Trellix Network Security, and Trellix Endpoint Security (HX). Learners triage Trellix-generated alerts, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.
Hands-on activities include writing TQL searches, creating rules, analyzing and validating alerts from Helix, Network Security, and Endpoint Security (HX), deep analysis of endpoint data collections, and response actions through Endpoint Security (HX) such as collecting data from across the enterprise and containing endpoints.
Day 1
Helix Fundamentals
Data Sources
Custom Dashboards, Reports, and Lists
Search and Trellix Query
Day 2
Rules
Initial Alerts
Helix Case Management
Day 3
Data Sources, Trends, and the Attack Lifecycle
Using Audit Viewer and Redline®
Windows Telemetry and Acquisitions
Day 4
Investigation Methodology
Capstone: Capture the Flag (CTF)
Security analysts, incident responders, and threat hunters who use Helix, Network Security and Endpoint Security (HX) to detect, investigate, and prevent cyber threats.
Students taking this course should have a working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).