Catalog
Training Courses
Catalog of Instructor-Led and Web-Based Training
CATALOG FIREEYE TRAINING COURSES

Contents

Introduction

Product Training from FireEye

Instructor-Led Training Courses
- Alert Analysis and Diagnostics with FireEye Email Security—Server Edition
- Alert Analysis with FireEye Email Security—Cloud Edition
- Alert Analysis with FireEye File Protect
- Alert Triage with FireEye Malware Analysis
- Cyber Threat Hunting
- Cyber Threat Hunting Workshop
- FireEye Alert Analysis and Endpoint Investigations
- FireEye Email Security - Server Edition Administration and Diagnostics
- FireEye Endpoint Security Administration and Diagnostics
- FireEye Helix
- FireEye Network Security Administration and Diagnostics
- Fundamentals of Network Traffic Analysis using FireEye Network Forensics
- Helix Threat Analytics
- Investigations with FireEye Endpoint Security

Web-Based Training Courses
- Central Management (CM) Deployment (WBT)
- Email Security—Cloud Edition (WBT)
- Email Security (EX) Deployment (WBT)
- Endpoint Security for Analysts (WBT)
- Endpoint Security for System Administrators (WBT)
- File Content Security (FX) Deployment (WBT)
- Malware Analysis (AX) Deployment (WBT)
- Network Forensics (PX) Deployment (WBT)
- Network Security (NX) Deployment (WBT)

Cyber Security Training from Mandiant

Instructor-Led Training Courses

Introductory Courses
- Cyber Security Awareness
- Fundamentals of Industrial Control Systems (ICS) Security
- Fundamentals of Cyber Security
- Cyber Security Policy and Implementation
- Audits and Compliance in the Cyber Domain

Intelligence and Attribution Courses
- Introduction to Threat Intelligence and Attribution
- Hunt Mission Workshop
- Analytic Tradecraft Workshop
- Introduction to Cyber Crime for Executives
- Cyber Intelligence Foundations
- Cyber Intelligence Research I—Scoping
- Cyber Intelligence Research II—Open Source Intelligence (OSINT)
- Cyber Intelligence Production

Incident Response Courses
- Windows Enterprise Incident Response
- Linux Enterprise Incident Response
- Digital Forensics and Incident Response for PLCs
- Network Traffic Analysis

Malware Analysis Courses
- Essentials of Malware Analysis
- Malware Analysis Crash Course
- Malicious Documents Analysis
- Advanced Red Teaming Techniques: Malware Authoring and Repurposing
- macOS Malware Analysis for Reverse Engineers
- Malware Analysis Master Course
- Router Backdoor Analysis

Advanced Acquisition and Testing Techniques
- Creative Red Teaming
- Practical Mobile Application Security
- Security and the Software Development Lifecycle

Workshops
- Business Email Compromise
- Mandiant Security Validation Security Instrumentation Platform Bootcamp

Exercises and Preparedness
- Threatspace: Real-World Attack Scenarios
- Senior Executive Mentorship Program
Introduction

Course Listings
Courses in this catalog are divided into two broad categories:
- Product training from FireEye, which covers the core functionality of FireEye products and solutions, including deployment, administration, usage and troubleshooting during detection, analysis, investigation and response activities
- Cyber security training from Mandiant Solutions, which covers essential cyber security skills that use free, open-source or existing customer technologies, whether or not they are FireEye solutions

Instructor-Led Training
Instructor-led training is presented by a live instructor, either in-person or via a virtual classroom. Instructor-led training includes hands-on labs designed to accelerate the acquisition of practical skills.

All of our instructors are security professionals with years of security experience. FireEye instructors have extensive experience working with FireEye solutions; and Mandiant instructors have applied their skills on the frontlines of major cyber incidents around the world.

The duration of a single instructor-led training course can range from a half-day to five days.

Web-Based Training
Web-based training (WBT) consists of self-paced online courses that can be accessed at any time, from any location. Learners may pause and resume training as their schedule allows. The training is practical and abbreviated; it does not contain hands-on labs or exercises.

Our web-based training is designed to work in modern desktop browsers (Chrome, Firefox, Safari, Internet Explorer 10 and Microsoft Edge) and tablets (such as iPad) without the use of browser plugins. Technology needs and exceptions are noted in course descriptions when applicable.

The duration of a single web-based training course can range from 45 minutes to a full day.

Experiential Learning
Experiential learning uses a hands-on approach that recreates a network compromise situation and provides a holistic incident response experience. A cyber simulation range provides a consequence-free environment where participants are challenged to respond as a team to the latest advanced persistent threat (APT) attack methodologies.

The ability to expose teams to nation-state level attacks within a cyber range allows them to learn, practice, and innovate without experiencing an actual compromise. Experiential learning connects the training environment to the operating environment, which allows leadership to assess team performance and get an honest assessment of team readiness against relevant threats.
Delivery Methods by Course
- Onsite ILT: An onsite instructor-led course delivered at your organization’s office.
- Offsite ILT: An offsite instructor-led course delivered at a third-party location.
- Virtual ILT: A virtual (online) instructor-led course delivered exclusively to your organization.
- Web-based training: A web-based (also on-demand or self-paced) training course accessible to your organization anytime, anywhere.
- Public ILT: A public instructor-led course delivered at a FireEye office or third-party classroom. It may include attendees from many different organizations.
- Public VILT: A public virtual (online) instructor-led course which may include attendees from many different organizations.

Product Training from FireEye

Courses offered as Onsite ILT, Offsite ILT, Virtual ILT, Public ILT (Per Seat) and Public VILT (Per Seat):
- Alert Analysis and Diagnostics with FireEye Email Security—Server Edition
- Alert Analysis with FireEye Email Security—Cloud Edition
- Alert Analysis with FireEye File Protect
- Alert Triage with FireEye Malware Analysis
- Cyber Threat Hunting
- FireEye Alert Analysis and Endpoint Investigations
- FireEye Email Security—Server Edition Administration and Diagnostics
- FireEye Endpoint Security Administration and Diagnostics
- FireEye Helix
- Fundamentals of Network Traffic Analysis using FireEye Network Forensics
- Helix Threat Analytics
- Investigations with FireEye Endpoint Security
- FireEye Network Security Administration and Diagnostics

Courses offered as Web-Based Training:
- Central Management (CM) Deployment
- Email Security—Cloud Edition
- Email Security (EX) Deployment
- Endpoint Security for Analysts
- Endpoint Security for System Administrators
- File Content Security (FX) Deployment
- Malware Analysis (AX) Deployment
- Network Forensics (PX) Deployment
- Network Security (NX) Deployment
Cyber Security Training from Mandiant

Onsite ILT   Offsite ILT   Public ILT (Per Seat)   Public VILT (Per Seat)

Advanced Red Teaming Techniques: Malware Authoring and Repurposing   x x
Analytic Tradecraft Workshop   x x x x x
Audits and Compliance in the Cyber Domain   x x
Business Email Compromise   x x x x x
Creative Red Teaming   x x x x x
Cyber Intelligence Foundations   x x x x x
Cyber Intelligence Production   x x x x
Cyber Intelligence Research I—Scoping   x x x x
Cyber Intelligence Research II—Open Source Intelligence (OSINT)   x x x x
Cyber Security Awareness   x x x x x x
Cyber Security Policy and Implementation   x x
Digital Forensics and Incident Response for PLCs   x x
Essentials of Malware Analysis   x x x x x
Fundamentals of Cyber Security   x x
Fundamentals of Industrial Control Systems (ICS) Security   x x x x x
Hunt Mission Workshop   x x x x x
Introduction to Cyber Crime for Executives   x x x x x
Introduction to Threat Intelligence and Attribution   x x x x x
Linux Enterprise Incident Response   x x x x x
macOS Malware Analysis for Reverse Engineers   x x
Malicious Documents Analysis   x x
Malware Analysis Crash Course   x x x x x
Malware Analysis Master Course   x x
Mandiant Security Validation Security Instrumentation Platform Bootcamp   x x x
Network Traffic Analysis   x x x x x
Practical Mobile Application Security   x x
Router Backdoor Analysis   x x
Security and the Software Development Lifecycle   x x x x
Senior Executive Mentorship Program   x x
Threatspace: Real-World Attack Scenarios   x x
Windows Enterprise Incident Response   x x x x

Virtual ILT   Web-Based Training   x x x x
Product Training from FireEye

Instructor-Led Training Courses

Alert Analysis and Diagnostics with FireEye Email Security—Server Edition

This two-day course is designed to show analysts and email administrators how to effectively use FireEye Email Security—Server Edition to detect, contain and diagnose email threats.

Day 1 is primarily for analysts who need to derive meaningful, actionable information from FireEye alerts to assess and triage threats to their environment. It introduces FireEye Email Security—Server Edition and its primary capabilities, including detection of malicious files and URLs, email alerts and containment through quarantine.

Day 2 introduces a framework for administration and diagnostics of Email Security—Server Edition. It includes checklists, case studies, lab challenges and guidance for transitioning difficult cases to the FireEye support team. This hands-on workshop gives learners practical experience administering an Email Security appliance and diagnosing common issues.

Learning Objectives
After completing this course, learners should be able to:
- Recognize current malware threats and trends
- Understand the threat detection and prevention capabilities of Email Security – Server Edition
- Locate and use critical FireEye alert information to assess a potential threat
- Examine OS and file changes in alert details to identify malware behaviors
- Identify Indicators of Compromise (IOCs) in a FireEye alert and use them to identify compromised hosts
- Identify common issues and steps for resolution with Email Security deployment
- Perform administration tasks on the Email Security—Server Edition appliance
- Recognize underlying technology and protocols of SMTP email transfer
- Using logs, determine status of email transfer and analysis
- Know when to escalate issues and obtain further assistance from FireEye

Who Should Attend
Security professionals, incident responders and email administrators.

Prerequisites
A working understanding of networking, email security and email support.

Duration
2 days
Alert Analysis with FireEye Email Security—Cloud Edition

This one-day course provides an overview of Email Security—Cloud Edition core functionality, including administration procedures and alert analysis.

Hands-on activities include rule and policy creation, alert generation and the breakdown and analysis of information found in FireEye email alerts that is used in incident reporting.

Learning Objectives
After completing this course, learners should be able to:
- Describe how Email Security detects and protects against malware
- Demonstrate knowledge of the email analysis process
- Configure Email Security settings, policies and notifications
- Describe the various queues used for email management and processing
- Identify alerts correlated with Network Security with and without Central Management
- Access and manage alerts and quarantined emails
- Find critical alert information on the Dashboard
- Examine OS and file changes in alert details to identify malware behaviors and triage alerts

Who Should Attend
Analysts and administrators responsible for the set up and management of Email Security—Cloud Edition.

Prerequisites
A working understanding of networking and network security and Windows operating and file systems.

Duration
1 day

Alert Analysis with FireEye File Protect

This one-day course is designed to prepare analysts to triage and derive meaningful, actionable information from alerts on FireEye File Protect.

A hands-on lab environment presents learners with various types of alerts and real-world scenarios and gives them the opportunity to conduct in-depth analysis on the behavior and attributes of malware to assess real-world threats.

Learning Objectives
After completing this course, learners should be able to:
- Recognize current malware threats and trends
- Understand the threat detection and prevention capabilities of File Protect
- Locate and use critical information in a File Protect alert to assess a potential threat
- Examine OS and file changes in alert details to identify malware behaviors and triage alerts
- Identify Indicators of Compromise (IOCs) in a File Protect alert and use them to identify compromised hosts

Who Should Attend
Security professionals, incident responders and FireEye analysts.

Prerequisites
A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).

Duration
1 day
Alert Triage with FireEye Malware Analysis

This one-day course is designed to prepare learners to perform alert triage using the FireEye Malware Analysis appliance.

Learners will be able to administrate and use the FireEye Malware Analysis appliance. A hands-on lab environment offers learners an opportunity to submit malware samples for deep analysis and then interpret the results.

Learning Objectives
After completing this course, learners should be able to:
- Describe malware behaviors, stages of an attack (malware lifecycle) and current trends in the threat landscape
- Explain the process and initial steps of conducting malware analysis
- Differentiate between static and dynamic analysis
- Understand the features and functions of the Malware Analysis appliance
- Submit malware samples to the appliance for deep analysis and alert triage
- Locate and use critical information in analysis results to assess a potential threat
- Identify IOCs in analysis results
- Examine the use of YARA rules on FireEye appliances

Who Should Attend
Security analysts or incident responders who are responsible for enterprise threat management.

Prerequisites
A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).

Duration
1 day
Cyber Threat Hunting

This two-day course covers the fundamentals of threat hunting, how to build out a hunt program in your own environment and how to identify, define and execute a hunt mission. The course introduces essential concepts for network and endpoint hunting and then allows learners to apply techniques to hunt for anomalous patterns. Hands-on activities follow real-world use cases to identify attacker techniques. Learners will leave the course with concrete use cases that they can apply to hunt in their own environment.

Throughout the course, instructors provide guidance on hunting across typical security toolsets such as SIEM, packet capture and endpoint detection and response (EDR). Learners do not need prior knowledge of specific FireEye technology, but lab activities do use FireEye Helix, FireEye Endpoint Security (HX) and FireEye Network Forensics (PX/IA). For example, endpoint hunting use cases rely on either Endpoint Security, Helix or both, to acquire data used in the hunt mission.

Learning Objectives
After completing this course, learners should be able to:
- Define cyber threat hunting and articulate its value to an organization
- Create or enhance an existing hunting program
- Apply provided use cases for your hunting program
- Build hunt missions for threat hunting in your organization
- Use both endpoint and network data for successful hunting
- Implement a hunting mission to hunt