This course covers the Trellix Helix workflow, triaging Helix alerts, creating and scoping cases from an alert, and using Helix during an investigation.
Hands-on activities include writing TQL searches, as well as analyzing and validating Helix alerts.
Day 1
Helix Fundamentals
Search and Trellix Query Language (TQL)
Day 2
Data Source Selection and the MITRE ATT&CK framework
Rules & Lists
Initial Alerts
Helix Case Management
Who Should Attend
Network security professionals, incident responders, and Trellix administrators and analysts who use Helix to analyze data in noisy event streams.
Prerequisites
Students taking this course should have a working understanding of networking and network security, the Windows operating system (file system and registry), and use of the command-line interface (CLI).