FireEye Endpoint Security Administration and Diagnostics

This course introduces deployment, configuration and basic administration for FireEye Endpoint Security. From this baseline, the workshop introduces a framework for troubleshooting the FireEye Endpoint Security Server and the FireEye agent. The course includes checklists, case studies and guidance for transitioning difficult cases to the FireEye support team. Optional modules expand this workshop to include FireEye core hardware and virtual appliances..

This workshop is experimental hands-on and will give learners experience with administering Endpoint Security, adjust common configurations, and resolving common issues.

Learning Objectives

After completing this course, learners should be able to:

  • Identify the components needed for FireEye Endpoint Security deployment
  •  Identify the key phases of Endpoint Security operation
  • Perform the initial configuration of Endpoint Security appliances and hosts
  • Create custom rules
  • Understand core analyst features of Endpoint Security such as alerting, enterprise search, and containing endpoints
  • Resolve issues commonly encountered with Endpoint Security Agent whitelisting
  • Validate endpoints to ensure that they are performing as expected
  • Use Endpoint Security logs and diagnostics for troubleshooting
  • Explore common issues across core installations
  • Understand common issues with hardware and virtual appliances

Who Should Attend

Network security professionals and FireEye administrators and analysts who must set up or work with the FireEye Endpoint Security platform.

Prerequisites

Experience with network administration and support..

Duration

2 days

Instructor-Led Training Instructor-Led Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. Administration and Configuration
    • Endpoint Security Operational Overview
    • FireEye Endpoint Security agent
    • Ring buffer
    • Appliance configuration
    • Agent management and configuration
    • Host management
  2. Rules and Alerts
    • Rules
    • Alerts and Alert Types
    • Triage Summary
    • Searching across all hosts in the enterprise
    • Acquiring files, triage packages, other built-in acquisitions
  3. Deployment Diagnostics
    • Checking hardware deployment
    • Agent compatibility and installation
  4. FireEye Core Product Diagnostics
    • Diagnostic process
    • Basic Troubleshooting
    • Best practice
    •  Common issues
      • Licensing
      • Operation
      • Notifications
      • Boot
      • Upgrade
  5. Hardware Troubleshooting
    • Troubleshooting PSU and HDD issues
    • Universal LED and Raid configuration
  6. Virtual Hardware Troubleshooting
    • Installation
    • Licensing and setup
  7. Logs
    • Obtaining logs and configuration files
    • Searching and understanding logs
    • Creating endpoint diagnostics
  8. Connectivity
    • Agent connectivity and validation
    • Determine communication failures
  9. Containment and Whitelisting
    • Containment Settings
    • Whitelisting known files and 3rd party programs
    • Validating a whitelist
  10. Performance
    • General performance settings
    • Understanding and editing polling
    • Evaluating individual endpoints 
  11.  FireEye Support and Community
    • Transitioning a case to FireEye Customer Support
    • Using the FireEye Customer Portal

Optional Content

  1. Audit Viewer
    • Types of Analysis Data
    • Searching and filtering acquisition data
    • Applying tags and comments