Endpoint Security for Analysts(WBT)

This entry-level online course covers core functionality of FireEye Endpoint Security, including features, operational workflows, alert analysis, and containment.

Learning Objectives

After completing this course, learners should be able to:

  • Identify the components of FireEye Endpoint Security
  • Describe the communication between the Endpoint Security Server and the FireEye Endpoint agent
  • Describe the function of the ring buffer
  • Create hosts sets
  • Create custom threat indicators
  • Identify critical information in an Endpoint Security alert
  • Request and approve hosts for containment
  • Use Enterprise Search to find artifacts on managed hosts
  • Acquire files and triages from hosts
  • Review a triage or acquisition using Audit Viewer  

Who Should Attend

Analysts and Incident Responders who use FireEye Endpoint Security.


A working understanding of networking and network security, the Windows operating system, file system, and Windows registry.


2-2.5 hours

Web-Based Training Web-Based Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.

Course Outline

  1. Introduction to Endpoint Security
  2. Fundamentals of Endpoint Security
    • FireEye Ecosystem
    • FireEye Endpoint Agent
    • Ring Buffer
    • Detection Engines
    • Host Sets
  3. Threat Management
    • Rules
    • Endpoint Security Alerts
    • Triage Summary
  4. Containment
    • Containment process
    • Roles for Containment
  5. Searches and Acquisitions
    • Enterprise Search
    • Exhaustive Search
    • Acquiring files and triage packages
    • Audit Viewer