This course covers the Helix workflow, triaging Helix alerts,
creating and scoping cases from an alert, and using Helix Threat
Analytics during investigation.
Hands-on activities include writing MQL searches, as well as
analyzing and validating Helix alerts.
After completing this course, learners should be able to:
- Determine which data sources are most useful for Helix detection and investigation
- Search log events across the
- Locate and use critical information in a Helix alert to assess a potential threat
- Create a case from events of interest
- Create and manage IAM users
Who Should Attend
Network security professionals, incident responders and FireEye
administrators and analysts who must work with Threat Analytics to
analyze data in noisy event streams.
A working understanding of networking and network security, the
Windows operating system, file system, registry and use of the command
line interface (CLI).