Cisco-training

Insoft Services is een van de weinige aanbieders van opleidingen in EMEAR tot een volledige reeks van Cisco-certificering en gespecialiseerde technische opleiding aan te bieden.

Lees meer

Cisco-certificering

Ervaar een blended learning-aanpak die het beste van door een instructeur geleide training en e-learning in eigen tempo combineert om u te helpen zich voor te bereiden op uw certificeringsexamen.

Lees meer

Cisco Learning Credits

Cisco Learning Credits (CLCs) zijn prepaid trainingsvouchers die rechtstreeks bij Cisco worden ingewisseld en die het plannen van uw succes eenvoudiger maken bij de aankoop van Cisco-producten en -services.

Lees meer

Cisco Continuing Education

Het Cisco Continuing Education Program biedt alle actieve certificeringshouders flexibele opties om opnieuw te certificeren door een verscheidenheid aan in aanmerking komende trainingsitems te voltooien.

Lees meer

Cisco Digital Learning

Gecertificeerde medewerkers zijn GEWAARDEERDE activa. Verken de officiële Digital Learning Library van Cisco om uzelf te informeren via opgenomen sessies.

Lees meer

Cisco Business Enablement

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Cisco trainingscatalogus

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Fortinet-certificering

Het Fortinet Network Security Expert (NSE) -programma is een training- en certificeringsprogramma op acht niveaus om ingenieurs van hun netwerkbeveiliging te leren voor Fortinet FW-vaardigheden en -ervaring.

Technische trainingen

Fortinet-training

Insoft is erkend als Fortinet Authorized Training Center op geselecteerde locaties in EMEA.

Lees meer

Fortinet trainingscatalogus

Bekijk de volledige Fortinet trainingscatalogus. Het programma omvat een breed scala aan cursussen in eigen tempo en onder leiding van een instructeur.

Lees meer

ATC Status

Bekijk onze ATC-status in geselecteerde landen in Europa.

Lees meer

Fortinet Professionele Services

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Lees meer

Microsoft-training

Insoft Services biedt Microsoft-trainingen in EMEAR. We bieden technische trainingen en certificeringscursussen van Microsoft aan die worden geleid door instructeurs van wereldklasse.

Technische cursussen

Extreme-training

Find all the Extreme Networks online and instructor led class room based calendar here.

Technische cursussen

Technische-certificering

We provide comprehensive curriculum of technical competency skills on the certification accomplishment.

Lees meer

Extreme trainingscatalogus

Leer uitzonderlijke kennis en vaardigheden van Extreme Networks

Lees meer

ATP accreditatie

Als geautoriseerde trainingspartner (ATP) zorgt Insoft Services ervoor dat u de hoogste onderwijsnormen krijgt die beschikbaar zijn.

Lees meer

Services Oplossingen

Wij bieden innovatieve en geavanceerde ondersteuning bij het ontwerpen, implementeren en optimaliseren van IT-oplossingen.Ons klantenbestand omvat enkele van de grootste Telco's ter wereld.

Oplossingen

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Over ons

Insoft biedt geautoriseerde trainings- en consultancydiensten voor geselecteerde IP-leveranciers. Ontdek hoe we een revolutie teweegbrengen in de industrie.

Lees meer
  • +31 71 799 6230
  • You can unsubscribe from these communications at any time. For more information please review our Privacy Policy. By clicking 'Send Message' below, you consent to allow Insoft Services to store and process the personal information submitted above to provide you with the content requested.

    Investigations with Helix, Network and Endpoint Bundle (Helix, HX, NX)

    Duration
    4 Dagen
    Delivery
    (Online and onsite)
    Price
    Price Upon Request

    This course covers the XDR workflow, including configuring data sources through extended detection via Trellix Helix, Trellix Network Security, and Trellix Endpoint Security (HX). Learners triage Trellix-generated alerts, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.

     

    Hands-on activities include writing TQL searches, creating rules, analyzing and validating alerts from Helix, Network Security, and Endpoint Security (HX), deep analysis of endpoint data collections, and response actions through Endpoint Security (HX) such as collecting data from across the enterprise and containing endpoints.

    • Identify the components needed to deploy Trellix Helix, Network Security, and Endpoint Security (HX)
    • Determine which data sources are most useful for Helix detection and investigation
    • Locate and use critical information in a Helix alert to assess a potential threat
    • Comfortably pivot from the Helix web console to native Trellix tools for deep analysis
    • Validate Network Security and Endpoint Security (HX) alerts
    • Use specialized features of Network Security and Endpoint Security (HX) to investigate and respond to potential threats across enterprise systems and endpoints

    Day 1

    Helix Fundamentals

    • Helix Overview
    • Features and Capabilities
    • Searching and Pivoting
    • 3rd Party Data Sources
    • Custom Dashboards

    Data Sources

    • Cloud Data Sources
    • On-premises Data Sources
    • Data Access

    Custom Dashboards, Reports, and Lists

    • Custom Dashboards
    • Reports
    • Lists

    Search and Trellix Query

    • Language (TQL)
    • Searchable Fields
    • Anatomy of an MQL Search
    • MQL Search, Directive, and Transform Clauses

    Day 2

    Rules

    • Creating and Enabling Rules
    • Using Regular Expressions in Rules
    • Helix Analytics
    • Multi-stage Rules

    Initial Alerts

    • Helix Alerts
    • Guided Investigations
    • Endpoint Security (HX) Alerts
    • Network Security Alerts

    Helix Case Management

    • Creating a Case in Helix
    • Adding Events to a Case
    • Case Workflow

    Day 3

    Data Sources, Trends, and the Attack Lifecycle

    • Threat Landscape
    • Attack Motivations
    • MITRE ATT&CK Framework
    • Emerging Threat Actors

    Using Audit Viewer and Redline®

    • Access Triage and Data Collections for Hosts
    • Navigate a Triage Collection or Acquisition using Audit Viewer
    • Apply Tags and Comments to a Triage Collection to Identify Key Events

    Windows Telemetry and Acquisitions

    • Live Forensic Overview
    • Windows Telemetry
      • Memory Artifacts
      • System Information
      • Processes
      • File System
      • Configuration Files
      • Services
      • Scheduled Tasks
      • Logging
    • Acquiring Data

    Day 4

    Investigation Methodology

    • MITRE ATT&CK Framework
    • Mapping Evidence to Attacker Activity
      • Evidence of Initial Compromise
      • Evidence of Persistence
      • Evidence of Lateral Movement
      • Evidence of Internal Reconnaissance
      • Evidence of Data Exfiltration

    Capstone: Capture the Flag (CTF)

    Security analysts, incident responders, and threat hunters who use Helix, Network Security and Endpoint Security (HX) to detect, investigate, and prevent cyber threats.

    Students taking this course should have a working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).

    This course covers the XDR workflow, including configuring data sources through extended detection via Trellix Helix, Trellix Network Security, and Trellix Endpoint Security (HX). Learners triage Trellix-generated alerts, derive actionable information from those alerts, and inspect affected endpoints using live analysis and investigation fundamentals.

     

    Hands-on activities include writing TQL searches, creating rules, analyzing and validating alerts from Helix, Network Security, and Endpoint Security (HX), deep analysis of endpoint data collections, and response actions through Endpoint Security (HX) such as collecting data from across the enterprise and containing endpoints.

    • Identify the components needed to deploy Trellix Helix, Network Security, and Endpoint Security (HX)
    • Determine which data sources are most useful for Helix detection and investigation
    • Locate and use critical information in a Helix alert to assess a potential threat
    • Comfortably pivot from the Helix web console to native Trellix tools for deep analysis
    • Validate Network Security and Endpoint Security (HX) alerts
    • Use specialized features of Network Security and Endpoint Security (HX) to investigate and respond to potential threats across enterprise systems and endpoints

    Day 1

    Helix Fundamentals

    • Helix Overview
    • Features and Capabilities
    • Searching and Pivoting
    • 3rd Party Data Sources
    • Custom Dashboards

    Data Sources

    • Cloud Data Sources
    • On-premises Data Sources
    • Data Access

    Custom Dashboards, Reports, and Lists

    • Custom Dashboards
    • Reports
    • Lists

    Search and Trellix Query

    • Language (TQL)
    • Searchable Fields
    • Anatomy of an MQL Search
    • MQL Search, Directive, and Transform Clauses

    Day 2

    Rules

    • Creating and Enabling Rules
    • Using Regular Expressions in Rules
    • Helix Analytics
    • Multi-stage Rules

    Initial Alerts

    • Helix Alerts
    • Guided Investigations
    • Endpoint Security (HX) Alerts
    • Network Security Alerts

    Helix Case Management

    • Creating a Case in Helix
    • Adding Events to a Case
    • Case Workflow

    Day 3

    Data Sources, Trends, and the Attack Lifecycle

    • Threat Landscape
    • Attack Motivations
    • MITRE ATT&CK Framework
    • Emerging Threat Actors

    Using Audit Viewer and Redline®

    • Access Triage and Data Collections for Hosts
    • Navigate a Triage Collection or Acquisition using Audit Viewer
    • Apply Tags and Comments to a Triage Collection to Identify Key Events

    Windows Telemetry and Acquisitions

    • Live Forensic Overview
    • Windows Telemetry
      • Memory Artifacts
      • System Information
      • Processes
      • File System
      • Configuration Files
      • Services
      • Scheduled Tasks
      • Logging
    • Acquiring Data

    Day 4

    Investigation Methodology

    • MITRE ATT&CK Framework
    • Mapping Evidence to Attacker Activity
      • Evidence of Initial Compromise
      • Evidence of Persistence
      • Evidence of Lateral Movement
      • Evidence of Internal Reconnaissance
      • Evidence of Data Exfiltration

    Capstone: Capture the Flag (CTF)

    Security analysts, incident responders, and threat hunters who use Helix, Network Security and Endpoint Security (HX) to detect, investigate, and prevent cyber threats.

    Students taking this course should have a working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).

      Datum op aanvraag

    Follow Up Courses

    Filter
    • 2 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 3 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 1 Dag
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 2 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now
    • 5 Dagen
      Datum op aanvraag
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.