This course covers the fundamentals of building or refining a hunt
program in your own environment around a defined process; how to
create consistent practices to identify, define, and execute a hunt
mission; and how to measure success of your hunting program.
The Cyber Threat Hunting Workshop is a three-day in-class training
on threat hunting. Customers starting a hunting program will be
advised on how to shape a sustainable hunting program. Customers with
existing Hunt Programs will learn how to incorporate a repeatable,
flexible, and efficient process around existing hunting activities and
build consistent practices that are intelligence-led, as well as
measure the capability for success.
On day one, customers learn to be proactive in threat detection,
build out a process workflow, and understand how to develop and enrich
use cases leveraging Cyber Threat Intelligence.
On days two and three, the training bridges essential concepts for
network and endpoint hunting and then allows learners to apply
techniques to hunt for anomalous patterns. Hands-on activities follow
real-world use cases to identify attacker techniques. Learners will
leave the course with concrete use cases that they can leverage to
hunt in their own environment.
Throughout the workshop, FireEye consultants share case studies from
the field, leveraging their knowledge and experience. Instructors
provide guidance on hunting across typical security toolsets such as
SIEM, packet capture, and EDR. Learners attending the course do not
need prior knowledge of specific FireEye technology to benefit from
the instruction; however, lab activities use the
following FireEye technologies: FireEye Helix, FireEye Endpoint
Security and FireEye Network Forensics. For example, Endpoint Hunting
use cases leverage either FireEye Endpoint Security, or Helix, or
both, to acquire data used in the Hunt Mission.
Training provided by: FireEye
START DATE: December 6, 2021 9:00am IST
END DATE: December 8, 2021 5:00pm IST
LOCATION: ILT via WebEx. Details will be provided on
COST: US$4,000 or 4 EoD units
Completion of Endpoint Investigations instructor-led
course; a working understanding of networking and network security,
the Windows operating system, file system, registry and regular
expressions, and basic experience scripting in Python (or a similar language).
Students must have access to a laptop running one of the following
browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10
or greater). Wireshark is recommended.
FireEye classes include hands-on activities in the FireEye Training
Lab. Important: Students must be able to connect to the FireEye
Training Lab. Please verify connectivity for the labs prior to the
first day of class by visiting portal.ork.training.fireeye.com and portal.sfo.training.fireeye.com. You should see
the lab login screens.
The lab is a protected environment and requires a login for access.
Once registered for class, students will receive their training lab
credentials via email. These credentials will not be activated until
the first day of class, and will expire upon class completion. Please
note that any attempts to log in prior to class commencement will fail.