Email Security Cloud (ETP-C)

This course provides an overview of Email Security Cloud core functionality and covers administration procedures with alert analysis.

Hands-on activities include rule/policy creation, alert generation and the breakdown and analysis of information found in a FireEye email alert that is used in incident reporting.

Learning Objectives

After completing this course, learners should be able to:

  • Demonstrate knowledge of the email analysis process
  • Identify Email Security Cloud deployment modes
  • Describe the various email services that integrate with Email Security Cloud
  • Configure Email Security Cloud settings, policies and notifications
  • Describe the various queues used for email management and processing
  • If using FireEye Network Security, list steps for integration with Email Security Cloud and identify correlated alerts
  • Find critical alert information on the Dashboard
  • Access and manage alerts and quarantined emails
  • Examine OS and file changes in alert details to identify malware behaviors

Who Should Attend

Analysts (primary) and administrators responsible for the set up and management of Email Security Cloud.


A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).


1 day

Instructor-Led Training Instructor-Led Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. Introduction to Email Security Cloud
    • Email Security Cloud internal flow
    • Phishing email attacks
    • Header, attachment and URL analysis
    • Anti-fraud detection
    • Email Security Cloud AV/AS components
    • Email and Network Security alert correlation
  2. Deployment and Administration
    • Deployment Modes
    • Cloud Email Service Integration
    • Authentication settings
    • Policy configuration
    • Detection verification
    • Email Queues
    • Network and Email Security Cloud alert correlation configuration
  3. Alert Administration
    • Dashboard
    • Email Alerts
    • Email Quarantine
    • Email Trace
    • Email notifications
    • Reporting
  1. File and OS Changes
    • API activity
    • File and folder actions
    • Code injection events
    • Processes – start and termination
    • Malware use of Mutual Exclusion Objects (Mutex)
    • Registry events
    • Network activity
    • Hardware Access Detection events
    • User Access Control (UAC) events
  2. Malware Objects
    • Malware objects and the payload delivery
    • Analysis of malware object alerts