insoft

Cisco Training Courses

Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

View More

Cisco Certifications

Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

View More

Cisco Training Catalogue

Explore a wide variety of the Cisco courses, across different countries as well as online courses.

Browse Catalogue

Cisco Learning Credits

Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

Have CLCs and want to redeem them?

Cisco Continuing Education

The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

View More

Cisco Digital Learning

Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

Browse CDLL Catalogue

Cisco Business Enablement

The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

View More

Fortinet Technical Certifications

The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

View More

Fortinet Technical Courses

Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

View More

Fortinet Training Catalogue

Explore the full Fortinet training catalogue. The program includes a wide range of self-paced and instructor-led courses.

Browse Catalogue

Official ATC Status

Check our ATC Status across selected countries in Europe.

View More

Fortinet Services Packages

Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

Browse Packages

Prepforce Bootcamp

The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

View More

Microsoft Training

Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

View More

Technical Training

The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

View More

Technical Certification

We provide comprehensive curriculum of technical competency skills on the certification accomplishment.

View More

Courses Catalogue

Find all the Extreme Networks online and instructor led class room based calendar here.

View More

ATP Accreditation

As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

View More

Consulting package

We provide innovative and advanced support for designing, implementing and optimising IT solutions. Our client-base includes some of the largest Telcos globally.

Solutions and services

Globally recognised team of certified experts helps you make a smoother transition with our pre-defined consultancy, installation and migration packages for a wide range of Fortinet products.

About Us

Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

View More
  • +44 20 7131 0263
  • Book Now

    • Investigations with Endpoint Security (HX)

    Enroll Now
    Duration
    3 days
    Delivery
    (Online and onsite)
    Price
    Price Upon Request

    This course covers the fundamentals of live analysis and investigation for endpoints with Trellix Endpoint Security (HX).

     

    Hands-on activities span the entire investigations process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Analysis of computer systems will be performed using Trellix products and freely available tools.

    • Describe methods of live analysis
    • Use core analyst features of Endpoint Security (HX) such as alerting, enterprise search, and containing endpoints
    • Validate and provide further context for Trellix alerts
    • Demonstrate the ability to plan, execute and report on a digital investigation
    • Analyze a data collection from Endpoint Security (HX) using a defined methodology
    • Identify malicious activity hidden among common Windows events

    Day 1

    1. Threats and Malware Trends

    • Threat landscape
    • Attack motivations
    • MITRE ATT&CK framework
    • Emerging threat actors

    2. Initial Alerts

    • Trellix Endpoint Security (HX) alerts
    • Triage with Triage Summary
    • Trellix Network Security alerts
    • Identifying forensic artifacts in the OS Change detail
    • Mapping artifacts in an alert to host activity

    3. Using Audit Viewer and Redline®

    • Access triage and data collections for hosts.
    • Navigate a triage collectionor acquisition using Redline® or Audit Viewer
    • Apply tags and comments to a triage collection to identify key events

    4. Windows Telemetry

    • Live investigation overview
    • Windows telemetry
      • Memory artifacts
      • System information
      • Processes
      • File system
      • Configuration files
      • Services
      • Scheduled tasks
      • Logging
    • Choosing Data to acquire

    Day 2

    1. Acquisitions

    • Triage and real-time events
    • Live system acquisitions
    • Bulk Acquisitions
    • Endpoint Security (HX)REST API

    2. Endpoint Security (HX) extended capabilities

    • Endpoint Security (HX) modules
    • HXTool

    Day 3

    1. Investigation Methodology

    • MITRE ATT&CK framework
    • Mapping evidence to attacker activity:
      • Evidence of initial compromise
      • Evidence of persistence
      • Evidence of lateral movement
      • Evidence of internal reconnaissance
      • Evidence of data exfiltration

    2. Capstone Capture the Flag (CTF)

    This course is intended for Network security professionals and incident responders who must use Endpoint Security (HX) to investigate, identify and stop cyber threats, as well as security analysts who want to learn investigation techniques used to respond to today’s cyber threats.

    Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry, and regular expressions. Scripting experience with Python or PowerShell is beneficial.

    Overview

    This course covers the fundamentals of live analysis and investigation for endpoints with Trellix Endpoint Security (HX).

     

    Hands-on activities span the entire investigations process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Analysis of computer systems will be performed using Trellix products and freely available tools.

    • Describe methods of live analysis
    • Use core analyst features of Endpoint Security (HX) such as alerting, enterprise search, and containing endpoints
    • Validate and provide further context for Trellix alerts
    • Demonstrate the ability to plan, execute and report on a digital investigation
    • Analyze a data collection from Endpoint Security (HX) using a defined methodology
    • Identify malicious activity hidden among common Windows events

    Day 1

    1. Threats and Malware Trends

    • Threat landscape
    • Attack motivations
    • MITRE ATT&CK framework
    • Emerging threat actors

    2. Initial Alerts

    • Trellix Endpoint Security (HX) alerts
    • Triage with Triage Summary
    • Trellix Network Security alerts
    • Identifying forensic artifacts in the OS Change detail
    • Mapping artifacts in an alert to host activity

    3. Using Audit Viewer and Redline®

    • Access triage and data collections for hosts.
    • Navigate a triage collectionor acquisition using Redline® or Audit Viewer
    • Apply tags and comments to a triage collection to identify key events

    4. Windows Telemetry

    • Live investigation overview
    • Windows telemetry
      • Memory artifacts
      • System information
      • Processes
      • File system
      • Configuration files
      • Services
      • Scheduled tasks
      • Logging
    • Choosing Data to acquire

    Day 2

    1. Acquisitions

    • Triage and real-time events
    • Live system acquisitions
    • Bulk Acquisitions
    • Endpoint Security (HX)REST API

    2. Endpoint Security (HX) extended capabilities

    • Endpoint Security (HX) modules
    • HXTool

    Day 3

    1. Investigation Methodology

    • MITRE ATT&CK framework
    • Mapping evidence to attacker activity:
      • Evidence of initial compromise
      • Evidence of persistence
      • Evidence of lateral movement
      • Evidence of internal reconnaissance
      • Evidence of data exfiltration

    2. Capstone Capture the Flag (CTF)

    This course is intended for Network security professionals and incident responders who must use Endpoint Security (HX) to investigate, identify and stop cyber threats, as well as security analysts who want to learn investigation techniques used to respond to today’s cyber threats.

    Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry, and regular expressions. Scripting experience with Python or PowerShell is beneficial.

      Upcoming Dates
      Date on Request

    Follow Up Courses

    Filter
    Category

    Order A-Z

    Order Z-A

    42 results

    • Investigations with Email Security Cloud
      1 days
      Date on Request
      Price on Request
      Book Now

    • Network and Email Administration Bundle (AX, EX, FX, NX, CMS)
      1 days
      Date on Request
      Price on Request
      Book Now

    • XDR Administration
      2 days
      Date on Request
      Price on Request
      Book Now

    • ATD with DXL, TIE and MAR Administration
      4 days
      Date on Request
      Price on Request
      Book Now

    • Endpoint Security Administration
      4 days
      Date on Request
      Price on Request
      Book Now

    • Network Traffic Analysis with Network Forensics
      2 days
      Date on Request
      Price on Request
      Book Now

    • Cyber Threat Hunting
      2 days
      Date on Request
      Price on Request
      Book Now

    • Investigations with File Protect
      1 days
      Date on Request
      Price on Request
      Book Now

    • Network Detection and Response (NDR) Administration
      1 days
      Date on Request
      Price on Request
      Book Now

    • Network Forensics Administration
      1 days
      Date on Request
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.