Alert Analysis with FireEye File Protect

This course is designed to prepare analysts to triage alerts on FireEye File Protect and derive meaningful, actionable information from them.

In a hands-on lab environment, learners are presented with various alert types and real-world scenarios and conduct in-depth analysis of the behavior and attributes of malware to assess the threat each alert represents.

Learning Objectives

After completing this course, learners should be able to:

  • Recognize current malware threats and trends
  • Understand the threat detection and prevention capabilities of your FireEye Security Solution
  • Locate and use critical information in a FireEye alert to assess a potential threat
  • Examine OS and file changes in alert details to identify malware behaviors and triage alerts
  • Identify Indicators of Compromise (IOCs) in a FireEye alert and use them to identify compromised hosts

Who Should Attend

Security professionals, incident responders and FireEye analysts.

Prerequisites

A working understanding of networking and network security, the Windows operating system, file system, registry, and use of the command line interface (CLI).

Duration

1 day

Instructor-Led Training

If you would like to register for this course, please contact your FireEye account manager.

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. FireEye Core Technology
    • Malware infection lifecycle
    • MVX engine
    • Appliance analysis phases
  2. Threats and Malware Trends
    • Malware overview and definition
    • Motivations of malware
    • Mandiant Attack Lifecycle
    • Types of Malware
  3. Threat Management
    • Features and functions of the FireEye File Protect
    • Appliance Web UI
    • Alert overview
  4. OS Changes
    • APIs
    • File and folder actions
    • Code injection
    • Processes
    • Mutexes
    • Windows registry events
    • Network access
    • User Account Control (UAC)
  5. Malware Objects
    • Malware object alerts
    • BOT Communication Details
    • OS Change Details for malware objects
    • Malware object origin analysis
  6. Malware Analysis Basics
    • MVX Engine Review
    • Static analysis
    • Dynamic Analysis
    • MVX Malware Analysis
  7. Custom Detection Rules (optional)
    • YARA malware framework file signatures
    • YARA on FireEye Appliances
    • YARA Hexadecimal
    • Regular Expressions
    • Conditions
    • Snort Rule Processing
    • Enabling Snort Rules
    • Creating a Snort Rule
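The YARA items in section 7 (hexadecimal strings, regular expressions and conditions) are the part of the outline a learner most often wants to see in action. The block below is an added illustration written for this page; it is not FireEye course material and not the YARA engine itself. It re-implements, in plain Python, how a YARA hex string with "??" wildcards, a nocase regex string and a plain text string are matched against a file and how a condition such as "$mz at 0 and ($url or $mutex)" is evaluated over the resulting offsets. The rule, the sample buffers, the marker bytes and the helper names (hex_to_regex, scan, evaluate_condition, rule_matches) are all assumptions made for the example; use it to understand the matching semantics before writing rules for an appliance, not as a substitute for YARA.

```python
import re

# Added illustration (not FireEye course material): a minimal re-implementation of
# how YARA matches hex strings, regex strings and text strings and then evaluates a
# condition. The rule below is a constructed toy equivalent to:
#
#   rule Dropper_Sample {
#       strings:
#           $mz    = { 4D 5A ?? ?? ?? ?? 50 45 }      // hex string, '??' = any byte
#           $url   = /https?:\/\/[a-z0-9.-]+\/update\.php/ nocase
#           $mutex = "Global\\dropper_v1"
#       condition:
#           $mz at 0 and ($url or $mutex)
#   }
#
# The hex pattern is a toy marker for the constructed samples, not the real PE layout.

RULE = {
    "name": "Dropper_Sample",
    # name -> (kind, pattern, nocase)
    "strings": {
        "$mz":    ("hex",   "4D 5A ?? ?? ?? ?? 50 45", False),
        "$url":   ("regex", rb"https?://[a-z0-9.-]+/update\.php", True),
        "$mutex": ("text",  b"Global\\dropper_v1", False),
    },
    "condition": "$mz at 0 and ($url or $mutex)",
}


def hex_to_regex(pattern: str) -> bytes:
    """Translate a YARA hex string into a bytes regex: each literal byte becomes
    \\xHH and each '??' wildcard becomes '.', which matches any single byte
    when the regex is compiled with re.DOTALL."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(b"\\x%02x" % int(tok, 16))
        else:
            raise ValueError(f"unsupported hex token {tok!r}")
    return b"".join(parts)


def scan(rule: dict, data: bytes) -> dict:
    """Return {string name: [match offsets]} for every string in the rule."""
    offsets = {}
    for name, (kind, pattern, nocase) in rule["strings"].items():
        if kind == "hex":
            regex = hex_to_regex(pattern)
        elif kind == "text":
            regex = re.escape(pattern)
        else:
            regex = pattern
        flags = re.DOTALL | (re.IGNORECASE if nocase else 0)
        offsets[name] = [m.start() for m in re.finditer(regex, data, flags)]
    return offsets


def evaluate_condition(condition: str, offsets: dict) -> bool:
    """Evaluate the subset of YARA condition syntax used here: '$x' (string
    found), '$x at N' (found at offset N), 'and', 'or', 'not', parentheses.
    The condition is rewritten into calls to two helpers and evaluated with
    an empty builtins namespace after checking that nothing else is left."""
    def found(name):
        return bool(offsets.get(name))

    def at(name, off):
        return off in offsets.get(name, [])

    def rewrite(m):
        name, off = m.group(1), m.group(2)
        return f'at("${name}", {off})' if off is not None else f'found("${name}")'

    expr = re.sub(r"\$(\w+)(?:\s+at\s+(\d+))?", rewrite, condition)
    leftover = re.sub(r'at\("\$\w+", \d+\)|found\("\$\w+"\)|\b(?:and|or|not)\b|[()\s]', "", expr)
    if leftover:
        raise ValueError(f"unsupported condition syntax: {leftover!r}")
    return bool(eval(expr, {"__builtins__": {}}, {"found": found, "at": at}))


def rule_matches(rule: dict, data: bytes) -> bool:
    return evaluate_condition(rule["condition"], scan(rule, data))


# Constructed sample buffers (not real malware): marker at offset 0 plus a C2 URL
# and mutex name; the same header without the IOCs; and the marker shifted by one.
SAMPLE_MALICIOUS = (b"MZ\x90\x00\x03\x00PE\x00\x00" + b"\x00" * 16
                    + b"HTTP://C2.EXAMPLE.TEST/update.php\x00"
                    + b"Global\\dropper_v1\x00")
SAMPLE_BENIGN = b"MZ\x90\x00\x03\x00PE\x00\x00" + b"Hello, world\x00"
SAMPLE_SHIFTED = b"\x00" + SAMPLE_MALICIOUS

if __name__ == "__main__":
    for label, buf in [("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN),
                       ("shifted", SAMPLE_SHIFTED)]:
        print(f"{label:9s} offsets={scan(RULE, buf)} match={rule_matches(RULE, buf)}")
```

Two points the run makes visible: the "shifted" buffer contains every string but still fails, because "$mz at 0" is an offset test rather than a presence test, and the nocase regex matches the upper-case URL that a case-sensitive text string would have missed. Both are the kinds of detail to check before deploying a custom rule on an appliance.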