Cisco-training

Insoft Services is een van de weinige aanbieders van opleidingen in EMEAR tot een volledige reeks van Cisco-certificering en gespecialiseerde technische opleiding aan te bieden.

Lees meer

Cisco-certificering

Ervaar een blended learning-aanpak die het beste van door een instructeur geleide training en e-learning in eigen tempo combineert om u te helpen zich voor te bereiden op uw certificeringsexamen.

Lees meer

Cisco Learning Credits

Cisco Learning Credits (CLCs) zijn prepaid trainingsvouchers die rechtstreeks bij Cisco worden ingewisseld en die het plannen van uw succes eenvoudiger maken bij de aankoop van Cisco-producten en -services.

Lees meer

Cisco Continuing Education

Het Cisco Continuing Education Program biedt alle actieve certificeringshouders flexibele opties om opnieuw te certificeren door een verscheidenheid aan in aanmerking komende trainingsitems te voltooien.

Lees meer

Cisco Digital Learning

Gecertificeerde medewerkers zijn GEWAARDEERDE activa. Verken de officiële Digital Learning Library van Cisco om uzelf te informeren via opgenomen sessies.

Lees meer

Cisco Business Enablement

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Cisco trainingscatalogus

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Fortinet-certificering

Het Fortinet Network Security Expert (NSE) -programma is een training- en certificeringsprogramma op acht niveaus om ingenieurs van hun netwerkbeveiliging te leren voor Fortinet FW-vaardigheden en -ervaring.

Technische trainingen

Fortinet-training

Insoft is erkend als Fortinet Authorized Training Center op geselecteerde locaties in EMEA.

Lees meer

Fortinet trainingscatalogus

Bekijk de volledige Fortinet trainingscatalogus. Het programma omvat een breed scala aan cursussen in eigen tempo en onder leiding van een instructeur.

Lees meer

ATC Status

Bekijk onze ATC-status in geselecteerde landen in Europa.

Lees meer

Fortinet Professionele Services

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Lees meer

Microsoft-training

Insoft Services biedt Microsoft-trainingen in EMEAR. We bieden technische trainingen en certificeringscursussen van Microsoft aan die worden geleid door instructeurs van wereldklasse.

Technische cursussen

Extreme-training

Find all the Extreme Networks online and instructor led class room based calendar here.

Technische cursussen

Technische-certificering

We provide comprehensive curriculum of technical competency skills on the certification accomplishment.

Lees meer

Extreme trainingscatalogus

Leer uitzonderlijke kennis en vaardigheden van Extreme Networks

Lees meer

ATP accreditatie

Als geautoriseerde trainingspartner (ATP) zorgt Insoft Services ervoor dat u de hoogste onderwijsnormen krijgt die beschikbaar zijn.

Lees meer

Services Oplossingen

Wij bieden innovatieve en geavanceerde ondersteuning bij het ontwerpen, implementeren en optimaliseren van IT-oplossingen.Ons klantenbestand omvat enkele van de grootste Telco's ter wereld.

Oplossingen

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Over ons

Insoft biedt geautoriseerde trainings- en consultancydiensten voor geselecteerde IP-leveranciers. Ontdek hoe we een revolutie teweegbrengen in de industrie.

Lees meer
  • +31 71 799 6230
  • You can unsubscribe from these communications at any time. For more information please review our Privacy Policy. By clicking 'Send Message' below, you consent to allow Insoft Services to store and process the personal information submitted above to provide you with the content requested.

    Alert Analysis and Investigations with Network Security and Endpoint Security (HX)

    Duration
    4 Dagen
    Delivery
    (Online and onsite)
    Price
    Price Upon Request

    This course examines how to triage alerts generated by the Trellix Network Security and Endpoint Security (HX) platforms, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Endpoint analysis focuses on investigation techniques using features of Endpoint Security (HX), such as the Triage Summary, Audit Viewer, and Acquisitions.

    • Recognize current malware threats and trends
    • Interpret alerts from Network Security and Endpoint Security (HX) products
    • Locate and use critical information in Trellix alerts to assess a potential threat
    • Define indicators of compromise based on an alert and identify compromised hosts
    • Describe methods of live analysis
    • Create and request data acquisitions to conduct an investigation
    • Define common characteristics of Windows processes and services
    • Investigate a data collection from Endpoint Security (HX) using a defined methodology
    • Identify malicious activity hidden among common Windows events

    Day 1

    Threats and Malware Trends

    • Threat landscape
    • Attack motivations
    • MITRE ATT&CK framework
    • Emerging threat actors

    Initial Alerts

    • Endpoint Security (HX) alerts
    • Triage with Triage Summary
    • Network Security alerts
    • Identifying forensic artifacts in the OS Change Detail

    MVX Alerts

    • Trellix alert types
    • Identifying forensic artifacts in the OS Change Detail
    • Callbacks
    • SmartVision
    • Threat assessment

    Day 2

    Using Audit Viewer and Redline®

    • Access triage and data collections for hosts
    • Navigate a triage collection or acquisition using Redline® or Audit Viewer
    • Apply tags and comments to a triage collection to identify key events

    Windows Telemetry and Acquisitions

    • Live forensic overview
    • Windows telemetry
    • Acquiring data

    Day 3

    Acquisitions

    • Triage and real-time events
    • Live system acquisitions
    • Bulk acquisitions
    • Endpoint Security (HX) REST API

    Modules

    • Administration
    • Detection and protection
    • Response

    Day 4

    Investigation Methodology

    • MITRE ATT&CK framework
    • Mapping evidence to attacker activity

    Capstone: Capture the Flag (CTF)

    This course is intended for security analysts, incident responders, and threat hunters who use Network Security or Endpoint Security (HX) to detect, investigate, and prevent cyber threats.

    Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry and regular expressions, and experience scripting in Python.

    This course examines how to triage alerts generated by the Trellix Network Security and Endpoint Security (HX) platforms, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.Hands-on activities span the entire analysis and live investigation process, beginning with a Trellix-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion. Endpoint analysis focuses on investigation techniques using features of Endpoint Security (HX), such as the Triage Summary, Audit Viewer, and Acquisitions.

    • Recognize current malware threats and trends
    • Interpret alerts from Network Security and Endpoint Security (HX) products
    • Locate and use critical information in Trellix alerts to assess a potential threat
    • Define indicators of compromise based on an alert and identify compromised hosts
    • Describe methods of live analysis
    • Create and request data acquisitions to conduct an investigation
    • Define common characteristics of Windows processes and services
    • Investigate a data collection from Endpoint Security (HX) using a defined methodology
    • Identify malicious activity hidden among common Windows events

    Day 1

    Threats and Malware Trends

    • Threat landscape
    • Attack motivations
    • MITRE ATT&CK framework
    • Emerging threat actors

    Initial Alerts

    • Endpoint Security (HX) alerts
    • Triage with Triage Summary
    • Network Security alerts
    • Identifying forensic artifacts in the OS Change Detail

    MVX Alerts

    • Trellix alert types
    • Identifying forensic artifacts in the OS Change Detail
    • Callbacks
    • SmartVision
    • Threat assessment

    Day 2

    Using Audit Viewer and Redline®

    • Access triage and data collections for hosts
    • Navigate a triage collection or acquisition using Redline® or Audit Viewer
    • Apply tags and comments to a triage collection to identify key events

    Windows Telemetry and Acquisitions

    • Live forensic overview
    • Windows telemetry
    • Acquiring data

    Day 3

    Acquisitions

    • Triage and real-time events
    • Live system acquisitions
    • Bulk acquisitions
    • Endpoint Security (HX) REST API

    Modules

    • Administration
    • Detection and protection
    • Response

    Day 4

    Investigation Methodology

    • MITRE ATT&CK framework
    • Mapping evidence to attacker activity

    Capstone: Capture the Flag (CTF)

    This course is intended for security analysts, incident responders, and threat hunters who use Network Security or Endpoint Security (HX) to detect, investigate, and prevent cyber threats.

    Students taking this course should have a working knowledge of Windows operating systems, networking and network security, file system, registry and regular expressions, and experience scripting in Python.

      Datum op aanvraag

    Follow Up Courses

    Filter
    • 2 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 3 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 1 Dag
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 2 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 5 Dagen
      Datum op aanvraag
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.