This course covers the fundamentals of network flow analysis, session
analysis, application metadata analysis, and reconstruction of data
from full content utilizing the FireEye Network Forensics (PX Series)
and Investigation Analysis (IA Series) appliances.
Hands-on activities include using both PX and IA to perform search
queries and filtering, as well as following alerts from integrated
After completing this course, learners should be able to:
- Describe the deployment of PX and IA in the context of FireEye
products and services that may be part of the environment used for
network traffic monitoring and analysis.
- Define connection,
packet, and session data in context of network traffic
- Perform network traffic analysis using the PX and
- Reconstruct files or artifacts from full network packet
data from resulting session data events using PX and IA.
- Follow threat alerts from integrated FireEye systems (EX, NX,
HX, PX) and intelligence feeds (iSIGHT and other) that aid in the
breach investigation and hunting processes.
Who Should Attend
Network security professionals and incident responders who must work
with FireEye Network Forensics and Investigation Analysis appliances
to analyze cyber threats through packet data.
A working understanding of networking and network security, the
Windows operating system, file system, registry and use of the command
line interface (CLI).