Alerts Analysis [ILT]

Version 13

    Note: This information is available as a downloadable data sheet.


    Type

    Instructor-led training (ILT)


    Course Description

    This 2-day, instructor-led course provides an introduction to FireEye platform alerts, and a framework on how to interpret callbacks and malware binary analysis results. In a lab environment, students will be presented with alert scenarios and will analyze the alert data to determine the significance of the alerts.


    Course Objectives

    Upon completion of the course the learner should be able to:

    • Distinguish FireEye alert types
    • Locate and use critical information in a FireEye alert to assess a potential threat
    • Use Indicators of Compromise (IOCs) in a FireEye alert to identify the threat on compromised hosts


    Scope

    • Course level: intermediate
    • Duration: 2 days


    Target Audience

    Network security professionals and incident responders; FireEye admin and analyst users.


    Course Outline

    1. FireEye Core Technology
      • Malware infection lifecycle
      • MVX engine
      • Appliance analysis phases
    2. Malware Basics
      • Malware overview and definition
      • Motivations of malware
      • Types of malware
      • Spear phishing
      • Stages of an APT attack
    3. Threat Management
      • Primary NX functions
      • Event types
      • Web UI and dashboard
      • Managing alerts
    4. OS Change Walk-through
      • OS Change detail
      • Windows API
      • Windows registry
      • Code injection
      • Alternate data streams
      • Auto-run behavior
      • Driver loading
      • User Account Control
    5. Web Infections & Exploits
      • Web Infection alerts
      • Honey binary
      • Second-stage payloads
    6. Malware Objects
      • Malware Object alerts
      • MVX engine binary analysis of files
      • Tracing downloads through HTTP headers
      • Determining the origin of the downloaded malware object
    7. Callbacks
      • Malware Callback alerts
      • Domain Match alerts
      • Encoded traffic
    8. Final Lab Assessment


    Lessons can include hands-on labs in addition to presentation/lecture.


    Prerequisites

    Students should have:

    • completed at least one FireEye Deployment course (ILT or eLearning), or have experience administering FireEye appliances.
    • a working understanding of networking and network security, the Windows operating system, file system, and registry, and use of the CLI.