Cisco-training

Insoft Services is een van de weinige aanbieders van opleidingen in EMEAR tot een volledige reeks van Cisco-certificering en gespecialiseerde technische opleiding aan te bieden.

Lees meer

Cisco-certificering

Ervaar een blended learning-aanpak die het beste van door een instructeur geleide training en e-learning in eigen tempo combineert om u te helpen zich voor te bereiden op uw certificeringsexamen.

Lees meer

Cisco Learning Credits

Cisco Learning Credits (CLCs) zijn prepaid trainingsvouchers die rechtstreeks bij Cisco worden ingewisseld en die het plannen van uw succes eenvoudiger maken bij de aankoop van Cisco-producten en -services.

Lees meer

Cisco Continuing Education

Het Cisco Continuing Education Program biedt alle actieve certificeringshouders flexibele opties om opnieuw te certificeren door een verscheidenheid aan in aanmerking komende trainingsitems te voltooien.

Lees meer

Cisco Digital Learning

Gecertificeerde medewerkers zijn GEWAARDEERDE activa. Verken de officiële Digital Learning Library van Cisco om uzelf te informeren via opgenomen sessies.

Lees meer

Cisco Business Enablement

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Cisco trainingscatalogus

Het Cisco Business Enablement Partner Program richt zich op het aanscherpen van de zakelijke vaardigheden van Cisco Channel Partners en klanten.

Lees meer

Fortinet-certificering

Het Fortinet Network Security Expert (NSE) -programma is een training- en certificeringsprogramma op acht niveaus om ingenieurs van hun netwerkbeveiliging te leren voor Fortinet FW-vaardigheden en -ervaring.

Technische trainingen

Fortinet-training

Insoft is erkend als Fortinet Authorized Training Center op geselecteerde locaties in EMEA.

Lees meer

Fortinet trainingscatalogus

Bekijk de volledige Fortinet trainingscatalogus. Het programma omvat een breed scala aan cursussen in eigen tempo en onder leiding van een instructeur.

Lees meer

ATC Status

Bekijk onze ATC-status in geselecteerde landen in Europa.

Lees meer

Fortinet Professionele Services

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Lees meer

Microsoft-training

Insoft Services biedt Microsoft-trainingen in EMEAR. We bieden technische trainingen en certificeringscursussen van Microsoft aan die worden geleid door instructeurs van wereldklasse.

Technische cursussen

Extreme-training

Find all the Extreme Networks online and instructor led class room based calendar here.

Technische cursussen

Technische-certificering

We provide comprehensive curriculum of technical competency skills on the certification accomplishment.

Lees meer

Extreme trainingscatalogus

Leer uitzonderlijke kennis en vaardigheden van Extreme Networks

Lees meer

ATP accreditatie

Als geautoriseerde trainingspartner (ATP) zorgt Insoft Services ervoor dat u de hoogste onderwijsnormen krijgt die beschikbaar zijn.

Lees meer

Services Oplossingen

Wij bieden innovatieve en geavanceerde ondersteuning bij het ontwerpen, implementeren en optimaliseren van IT-oplossingen.Ons klantenbestand omvat enkele van de grootste Telco's ter wereld.

Oplossingen

Wereldwijd erkend team van gecertificeerde experts helpt u een soepelere overgang te maken met onze vooraf gedefinieerde consultancy-, installatie- en migratiepakketten voor een breed scala aan Fortinet-producten.

Over ons

Insoft biedt geautoriseerde trainings- en consultancydiensten voor geselecteerde IP-leveranciers. Ontdek hoe we een revolutie teweegbrengen in de industrie.

Lees meer
  • +31 71 799 6230
  • You can unsubscribe from these communications at any time. For more information please review our Privacy Policy. By clicking 'Send Message' below, you consent to allow Insoft Services to store and process the personal information submitted above to provide you with the content requested.

    Network Traffic Analysis with Network Forensics

    Duration
    2 Dagen
    Delivery
    (Online and onsite)
    Price
    Price Upon Request

    This course covers the fundamentals and concepts of network traffic analysis—how to search, filter, analyze, reconstruct, and preserve network traffic; and how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

     

    Hands-on activities include building an analysis dashboard, executing queries, filtering results, and reconstructing network traffic. On Day 2, learners will pursue an alert and identify anomalies in network traffic to uncover and document indicators of compromise (IOCs) that build a case for a real-world advanced threat.

    • Describe networking models, network data, critical application protocols, network flow, and common attacks on protocols
    • Perform network traffic analysis and investigations using Trellix Network Forensics
    • Customize the analysis environment with dashboards, network visualizations, scheduled queries, and lists
    • Reconstruct carved artifacts/files from network packet data and submit them for malware analysis
    • Investigate an advanced persistent threat (APT) attack based on aggregated alerts and network traffic anomalies

    Day 1: Fundamentals

    Appliance Overview and Network Placement

    • Trellix Packet Capture
    • Trellix Investigation Analysis
    • Analysis workflow example
    • The Trellix Packet Capture and Trellix Investigation Analysis relationship
    • Common deployments

    Network Traffic Analysis Foundations

    • Network models and encapsulation: TCP/IP, UDP
    • The three-way handshake
    • Network forensics data
    • Packet captures
    • Flow data
    • Network flow analysis
    • Critical application protocols
    • Protocols in the TCP/IP stack
    • Common attacks on protocols

    Queries, Reconstruction and Alerts with Investigation Analysis

    • Working with dashboards
    • Searching for network data
    • Constructing queries
    • Network metadata analysis
    • Stacking metadata
    • Filtering traffic using network metadata
    • Scheduling queries and reporting
    • Lists
    • Extracting endpoint information
    • Trellix alerts from integrated appliances
    • Configuring event-based capture rule sets
    • Working with rule sets
    • Network data reconstruction

    Day 2: Investigation Workshop

    Network Investigation Scenario

    • Investigation tools
    • Six steps of an attack
    • Common indicators of compromise
    • Threat group overview
    • Trellix Network Forensics investigations
    • Documenting the investigation
    • Threat group intelligence
    • Attack phases covered in class
    • Investigation labs overview

    Starting with Leads

    • Alerts on Trellix Investigation Analysis
    • Alerts on Trellix Network Security
    • Unusual HTTP user agents
    • Unusual POST requests
    • Trellix Investigation Analysis components
    • Other possible leads

    Investigating the Leads

    • Dive deeper
    • HTTP artifacts analysis
    • Encrypted flows
    • Email analysis

    Investigation Summary and Conclusions

    • Investigation summary
    • Stages of the attack
    • Creating a case

    Network security professionals and incident responders who use Trellix Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.

    A working understanding of networking and network security, knowledge of Wireshark recommended.

    This course covers the fundamentals and concepts of network traffic analysis—how to search, filter, analyze, reconstruct, and preserve network traffic; and how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.

     

    Hands-on activities include building an analysis dashboard, executing queries, filtering results, and reconstructing network traffic. On Day 2, learners will pursue an alert and identify anomalies in network traffic to uncover and document indicators of compromise (IOCs) that build a case for a real-world advanced threat.

    • Describe networking models, network data, critical application protocols, network flow, and common attacks on protocols
    • Perform network traffic analysis and investigations using Trellix Network Forensics
    • Customize the analysis environment with dashboards, network visualizations, scheduled queries, and lists
    • Reconstruct carved artifacts/files from network packet data and submit them for malware analysis
    • Investigate an advanced persistent threat (APT) attack based on aggregated alerts and network traffic anomalies

    Day 1: Fundamentals

    Appliance Overview and Network Placement

    • Trellix Packet Capture
    • Trellix Investigation Analysis
    • Analysis workflow example
    • The Trellix Packet Capture and Trellix Investigation Analysis relationship
    • Common deployments

    Network Traffic Analysis Foundations

    • Network models and encapsulation: TCP/IP, UDP
    • The three-way handshake
    • Network forensics data
    • Packet captures
    • Flow data
    • Network flow analysis
    • Critical application protocols
    • Protocols in the TCP/IP stack
    • Common attacks on protocols

    Queries, Reconstruction and Alerts with Investigation Analysis

    • Working with dashboards
    • Searching for network data
    • Constructing queries
    • Network metadata analysis
    • Stacking metadata
    • Filtering traffic using network metadata
    • Scheduling queries and reporting
    • Lists
    • Extracting endpoint information
    • Trellix alerts from integrated appliances
    • Configuring event-based capture rule sets
    • Working with rule sets
    • Network data reconstruction

    Day 2: Investigation Workshop

    Network Investigation Scenario

    • Investigation tools
    • Six steps of an attack
    • Common indicators of compromise
    • Threat group overview
    • Trellix Network Forensics investigations
    • Documenting the investigation
    • Threat group intelligence
    • Attack phases covered in class
    • Investigation labs overview

    Starting with Leads

    • Alerts on Trellix Investigation Analysis
    • Alerts on Trellix Network Security
    • Unusual HTTP user agents
    • Unusual POST requests
    • Trellix Investigation Analysis components
    • Other possible leads

    Investigating the Leads

    • Dive deeper
    • HTTP artifacts analysis
    • Encrypted flows
    • Email analysis

    Investigation Summary and Conclusions

    • Investigation summary
    • Stages of the attack
    • Creating a case

    Network security professionals and incident responders who use Trellix Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.

    A working understanding of networking and network security, knowledge of Wireshark recommended.

      Datum op aanvraag

    Follow Up Courses

    Filter
    • 1 Dag
      Datum op aanvraag
      Price on Request
      Book Now
    • 4 Dagen
      Datum op aanvraag
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.