Alert Analysis with FireEye Email Security - Cloud Edition

This course provides an overview of Email Security - Cloud Edition core functionality and covers administration procedures and alert analysis.

Hands-on activities include rule and policy creation, alert generation, and the breakdown and analysis of the information in a FireEye email alert that is used in incident reporting.

Learning Objectives

After completing this course, learners should be able to:

  • Describe how Email Security detects and protects against malware
  • Demonstrate knowledge of the email analysis process
  • Configure Email Security settings, policies and notifications
  • Describe the various queues used for email management and processing
  • Identify alerts correlated with Network Security with and without Central Management
  • Find critical alert information on the Dashboard
  • Access and manage alerts and quarantined emails
  • Examine OS and file changes in alert details to identify malware behaviors and triage alerts

Who Should Attend

Analysts (primary) and administrators responsible for the setup and management of Email Security Cloud.

Prerequisites

A working understanding of networking, network security, and Windows operating and file systems.

Duration

1 day

Instructor-Led Training


Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. Threat Management with Email Security - Cloud Edition
    • Email Security Cloud internal flow
    • Phishing email attacks
    • Header, attachment and URL analysis
    • Email queues and message tracking
    • Intelligence-led detection and detection plug-ins
    • Anti-fraud detection
    • AV/AS components
    • Email and Network Security alert correlation
  2. Email Security - Cloud Edition Administration
    • Authentication settings
    • Email domain and policy configuration
    • Quarantine reports
    • Digest templates
    • Portal access
    • Alert notifications
    • System settings
    • Email Security and FireEye Central Management
  3. Email Security - Cloud Edition Alerts
    • Dashboard
    • Alert summary and message details
    • Quarantine
    • Email trace
    • Email notifications
    • Reporting
  4. OS Changes
    • APIs
    • File and folder actions
    • Code injection
    • Processes
    • Mutexes
    • Windows registry events
    • Network access
    • User Account Control (UAC)
  5. Malware Objects
    • Email malware lifecycle
    • Analysis of malware object alerts
  6. Malware Analysis Basics
    • MVX Engine Review
    • Static Analysis
    • Dynamic Analysis
    • MVX Malware Analysis
  7. Custom Detection Rules (optional)
    • YARA malware framework file signatures
    • YARA on FireEye Appliances
    • YARA Hexadecimal
    • Regular Expressions
    • Conditions
    • Snort Rule Processing
    • Enabling Snort Rules
    • Creating a Snort Rule