This course covers the fundamentals and concepts of network traffic analysis—how to search, filter, analyze, reconstruct, and preserve network traffic; and how to apply techniques learned to conduct a network forensics investigation utilizing the Trellix Network Forensics solution.
Hands-on activities include building an analysis dashboard, executing queries, filtering results, and reconstructing network traffic. On Day 2, learners will pursue an alert and identify anomalies in network traffic to uncover and document indicators of compromise (IOCs) that build a case for a real-world advanced threat.
Day 1: Fundamentals
Appliance Overview and Network Placement
Network Traffic Analysis Foundations
Queries, Reconstruction and Alerts with Investigation Analysis
Day 2: Investigation Workshop
Network Investigation Scenario
Starting with Leads
Investigating the Leads
Investigation Summary and Conclusions
Network security professionals and incident responders who use Trellix Packet Capture and Investigation Analysis appliances to analyze cyber threats through packet data.
A working understanding of networking and network security; knowledge of Wireshark is recommended.