Alert Triage with FireEye Malware Analysis

This course is designed to prepare learners to perform alert triage from MVX engine analysis using the FireEye Malware Analysis appliance.

Learners will develop knowledge and skills on the administration and use of the FireEye Malware Analysis appliance. The course offers a hands-on lab environment in which learners can submit malware samples for deep analysis and then interpret analysis results.

Learning Objectives

After completing this course, learners should be able to:

  • Describe malware behaviors, stages of attack (malware lifecycle) and current trends in the threat landscape
  • Explain the process and initial steps of conducting malware analysis
  • Differentiate between static and dynamic analysis
  • Understand the features and functions of the Malware Analysis appliance
  • Submit malware samples to the appliance for deep analysis and alert triage
  • Locate and use critical information in analysis results to assess a potential threat
  • Identify IOCs in analysis results
  • Examine the use of YARA rules on FireEye appliances

Who Should Attend

Security analysts or incident responders who are responsible for enterprise threat management.

Prerequisites

A working understanding of networking and network security, the Windows operating system (including its file system and registry), and use of the command-line interface (CLI).

Duration

1 day

Instructor-Led Training


Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. FireEye Core Technology
    • Malware infection lifecycle
    • FireEye product suite integration
    • MVX engine
    • Appliance analysis phases
    • FireEye Dynamic Threat Intelligence (DTI) Cloud
  2. Threats and Malware Trends
    • Malware overview and definition
    • Motivations of malware
    • Mandiant Attack Lifecycle
    • Well-known APTs
    • Types of Malware
  3. Malware Analysis Appliance
    • Overview of appliance features and functions
    • Analysis options – sandbox vs. live
    • File share configuration
    • File and URL submissions
    • Analysis Results
  4. Malware Objects
    • Malware Object alerts
    • BOT Communication Details
    • OS Change Details – Objects
    • Malware Object origin analysis
  5. OS Changes
    • OS Change Details
    • Windows API
    • Windows registry
    • Code injection
    • Alternate data streams
    • Processes and Network Activity
    • Mutexes
    • Registry Run Keys
    • User Account Control
  6. Malware Analysis Basics
    • MVX static and dynamic analysis
    • Malware analysis tools
    • Initial malware analysis steps
  7. Custom Detection Rules
    • YARA malware framework file signatures
    • YARA on FireEye Appliances
    • YARA Hexadecimal
    • Regular Expressions
    • Conditions
    • Snort Rule Processing
    • Enabling Snort Rules
    • Creating a Snort Rule