Cyber Threat Hunting Workshop: December 6- 8, 2021

This course covers the fundamentals of building or refining a hunt program in your own environment around a defined process; how to create consistent practices to identify, define, and execute a hunt mission; and how to measure success of your hunting program.

The Cyber Threat Hunting Workshop is a three-day in-class training on threat hunting. Customers starting a hunting program will be advised on how to shape a sustainable hunting program. Customers with existing Hunt Programs will learn how to incorporate a repeatable, flexible, and efficient process around existing hunting activities and build consistent practices that is intelligence-led, as well as measure the capability for success.

On day one, customers learn to be proactive in threat detection, build out a process workflow, and understand how to develop and enrich use cases leveraging Cyber Threat Intelligence.

On days two and three, the training bridges essential concepts for network and endpoint hunting and then allows learners to apply techniques to hunt for anomalous patterns. Hands-on activities follow real-world use cases to identify attacker techniques. Learners will leave the course with concrete use cases that they can leverage to hunt in their own environment.

Throughout the workshop, FireEye consultants share case studies from the field, leveraging their knowledge and experience. Instructors provide guidance on hunting across typical security toolsets such as SIEM, packet capture, and EDR; learners attending the course do not need a prior knowledge of specific FireEye technology to benefit from the instruction, however, lab activities are leveraged on the following FireEye  technologies: FireEye Helix, FireEye Endpoint Security and FireEye Network Forensics. For example, Endpoint Hunting use cases leverage either FireEye Endpoint Security, or Helix, or both, to acquire data used in the Hunt Mission.

Event Information

Training provided by: FireEye

  • START DATE: December 6, 2021 9:00am IST
  • END DATE: December 8, 2021 5:00pm IST
  • LOCATION: ILT via WebEx. Details will be provided on successful registration.
  • COST: US$4,000 or 4 EoD units


Completion of Endpoint Investigations instructor-led course; a working understanding of networking and network security, the Windows operating system, file system, registry and regular expressions, and basic experience scripting in Python (or similar) language.

Technical Requirements

Students must have access to a laptop running one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended.

FireEye classes include hands-on activities in the FireEye Training Lab. Important: Students must be able to connect to the FireEye Training Lab. Please verify connectivity for the labs prior to the first day of class by visiting and You should see the lab login screens.

The lab is a protected environment and requires a login for access. Once registered for class, students will receive their training lab credentials via email. These credentials will not be activated until the first day of class, and will expire upon class completion. Please note that any attempts to log in prior to class commencement will fail.

Interested in this class?

If you have any additional questions, send us an email.

Thank you.