Endpoint Security Deployment

This entry-level course covers deployment options, basic administration and core functionality for FireEye Endpoint Security (HX). Hands-on activities include appliance administration, how to read alerts generated by FireEye Endpoint Security and how to contain infected endpoints.

Learning Objectives

After completing this course, learners should be able to:

  • Identify the components needed for FireEye Endpoint Security deployment
  • Identify the key phases of Endpoint Security operation
  • Perform the initial configuration of Endpoint Security appliances and hosts
  • Create custom threat indicators
  • Identify critical information in an Endpoint Security alert
  • Validate an Endpoint Security alert
  • Request and approve hosts for containment

Who Should Attend

Network security professionals, incident responders and FireEye administrators and analysts who must set up or work with FireEye Endpoint Security appliances.


A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).


1 day

Instructor-Led Training Instructor-Led Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. HX Product Features, Deployment and Administration
    • HX deployment
    • Intelligence sources
    • Phases of HX operation
    • Lookback cache
    • Agent installation
    • Host sets
  2. Detection
    • Threat sources & indicators
    • Appliance integration
    • Alerts
    • Triage with Triage Summary
    • Acquire files, triage packages, other built-in acquisitions from hosts
    • Run searches across all hosts in the enterprise
  3. Containment
    • Containment process
    • Containing hosts
  4. Audit Viewer
    • Access Acquisitions in Audit Viewer
    • Search and filter acquisition data
    • Apply tags and comments