Cyber Threat Hunting: November 23- 24, 2021

Cyber Threat Hunting is two-day in-class training on threat hunting. This course covers the fundamentals of threat hunting; how to build out a hunt program in your own environment; and how to identify, define, and execute a hunt mission. The course introduces essential concepts for network and endpoint hunting and then allows learners to apply techniques to hunt for anomalous patterns. Hands-on activities follow real-world use cases to identify attacker techniques. Learners will leave the course with concrete use cases that they can leverage to hunt in their own environment.

Throughout the course, instructors provide guidance on hunting across typical security toolsets such as SIEM, packet capture, and EDR; learners attending the course do not need a prior knowledge of specific FireEye technology to benefit from the instruction, however, lab activities are leveraged on the following FireEye  technologies: FireEye Helix, FireEye Endpoint Security (HX) and FireEye Network Forensics (PX/IA). For example, Endpoint Hunting use cases leverage either FireEye Endpoint Security (HX), or Helix, or both, to acquire data used in the Hunt Mission.

Event Information

Training provided by: FireEye

  • START DATE: November 23, 2021 9:00am GMT
  • END DATE: November 24, 2021 5:00pm GMT
  • LOCATION: ILT via WebEx. Details will be provided on successful registration.
  • COST: US$3,000 or 3 EoD units

You may take this course in combination with the Hunt Mission Workshop course (November 22, 2021) for the reduced total price of $4,000 USD or 4 EOD units for both courses. Please contact us at [email protected] if you wish to purchase a seat at this combined course.


Completion of Endpoint Investigations instructor-led course; a working understanding of networking and network security, the Windows operating system, file system, registry and regular expressions, and basic experience scripting in Python (or similar) language.

Technical Requirements

Students must have access to a laptop running one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended.

FireEye classes include hands-on activities in the FireEye Training Lab. Important: Students must be able to connect to the FireEye Training Lab. Please verify connectivity for the labs prior to the first day of class by visiting and You should see the lab login screens.

The lab is a protected environment and requires a login for access. Once registered for class, students will receive their training lab credentials via email. These credentials will not be activated until the first day of class, and will expire upon class completion. Please note that any attempts to log in prior to class commencement will fail.

Interested in this class?

If you have any additional questions, send us an email.

Thank you.