Scribd Logo
Upload

Welcome to Scribd!

  • CD Mvision Edr Admin Ilt

    Uploaded by

    Saul Garcia
    12 views4 pages

    Original Title

    CD Mvision Edr Admin Ilt[3]

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views4 pages

    CD Mvision Edr Admin Ilt

    Uploaded by

    Saul Garcia

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    COURSE DESCRIPTION

    McAfee MVISION Endpoint Detection and


    Response Administration
    McAfee® Education Services Instructor-Led Training

    Adversaries maneuver in covert ways, camouflaging their actions within the most trusted Audience
    components already in your environment. They don’t always install something tangible like
    This course is intended for McAfee
    malware, but they always leave behind a behavioral trail. Endpoint detection and response customers who serve as analysts
    (EDR) continuously monitor and gather data to provide the visibility and context needed and/or engineers, responsible
    to detect and respond to threats. But current approaches often burden already-stretched for configuration, management,
    and monitoring activity on their
    security teams with too much information. McAfee® MVISION EDR helps to manage the systems, networks, databases, and
    high volume of alerts, empowering analysts of all skill levels to do more and investigate applications using the MVISION
    EDR solution. They should have a
    more effectively. This course prepares security operations center (SOC) analysts to working knowledge of networking,
    understand, communicate, and use the features of McAfee MVISION EDR. Through hands- system administration, computer
    security concepts, and a general
    on lab exercises, you will learn how to detect advanced device threats, fully investigate, and
    understanding of networking and
    respond quickly. application software.

    Earn up to 16 CPEs after completing this course.*


    * Student must self-report for CPE credits. We cannot guarantee any specific quantity, as it
    is up to the program or certification group to determine what they will or will not accept.

    Connect With Us

    1 McAfee MVISION Endpoint Detection and Response Administration


    COURSE DESCRIPTION

    Recommended Pre-Work
    Agenda at a Glance

    Day 1 Day 2 It is recommended that students



    Welcome ■
    Investigating have a working knowledge of:

    What Is EDR? ■
    Catalog

    Networking and system
    administration concepts

    Architecture ■
    Action History

    Computer security concepts

    Setup and Deployment ■
    Performance Metrics

    Network security concepts and

    Monitoring ■
    Troubleshooting
    practices

    Alerting ■
    Use Cases

    Malware analysis, forensics, and

    Historical Search ■
    Incident Response
    tactics and techniques

    Real-Time Search ■
    Threat Hunting

    Learning Objectives Setup and Deployment


    What Is EDR? ■ Identify the supported platform, environment, or
    ■ Review how MVISION EDR plays a part in the McAfee operating systems
    portfolio ■ Review the first steps for adding MVISION EDR to your
    ■ Define MVISION EDR components environment
    ■ Distinguish how MVISION EDR helps the SOC mission
    ■ Install MVISION EDR on an on-premises (local) or
    MVISION ePO™ deployment
    ■ Identify MVISION EDR capabilities
    ■ Check in the required product extension(s)
    ■ Describe the MITRE ATT&CK Matrix
    ■ Deploy the MVISION EDR Client to endpoints
    Architecture
    ■ Describe the product/solution architecture
    Monitoring
    ■ View threat events in the Monitoring dashboard
    ■ Distinguish between deployment options
    ■ Review the MVISION EDR threat detection approach
    ■ Review common log and product files
    ■ Take action from the Monitoring dashboard
    ■ Identify product/solution communication paths and
    ports

    2 McAfee MVISION Endpoint Detection and Response Administration


    COURSE DESCRIPTION

    Alerting Catalog Related Courses


    ■ Leverage the Alerting dashboard to view the raw ■ Navigate to the Catalog dashboard to view built-in
    events from managed devices collectors and reactions ■
    McAfee® MVISION Endpoint
    McAfee® MVISION Cloud
    View how alert events match to the MITRE observed Use the Catalog dashboard to create or delete custom

    ■ ■

    McAfee® MVISION ePO™


    tactics and techniques collectors and reactions


    McAfee® MVISION Mobile
    Historical Search Action History
    ■ Use historical data to assist with analyzing how a ■ View the details of actions performed through the
    threat occurred in the system and what triggered it Action History dashboard
    ■ Review the Historical Search investigation capabilities
    Performance Metrics
    Real-Time Search ■ View the Performance Metrics page to analyze the
    ■ Obtain information about processes currently running amount of time spent on resolving investigations
    on managed endpoints using real-time search queries
    Troubleshooting
    ■ Leverage the query syntax to combine collectors and ■ Walk through actions to take if no events are seen in
    build powerful search expressions the Monitoring dashboard
    ■ Take action on search results to execute reaction code ■ View MVISION EDR tenancy status
    onto managed endpoints
    ■ Perform troubleshooting steps for Investigations
    Investigating ■ Troubleshoot Data Exchange Layer (DXL) connectivity
    ■ Analyze an investigation using the key findings and key
    artifacts discovered Use Cases
    ■ Use the Monitoring dashboard to identify threats
    ■ View details to investigated items, linked investigations,
    investigation guides, and similar cases in the
    ■ Create an investigation
    investigation workspace ■ Quarantine a system or process
    ■ Perform in-depth analysis using real-time search
    ■ Increase familiarity and workflow with MVISION EDR

    3 McAfee MVISION Endpoint Detection and Response Administration


    COURSE DESCRIPTION

    Incident Response (IR) Threat Hunting Learn More


    ■ Review the definition of a cybersecurity incident ■ Review the definition of threat hunting
    ■ Identify the different vectors of cyber incidents ■ Describe why threat hunting is required To order, or for further
    information, please email
    ■ Describe IR and its importance ■ Identify threat hunting platform drivers SecurityEducation@mcafee.com.
    ■ Explain the IR lifecycle ■ Identify different threat hunting styles
    ■ Identify the data sources which may be encountered ■ Theories and models used in threat hunting
    during a digital forensic investigation ■ Describe the threat hunting maturity model
    ■ List the order of volatility in relation to digital artifacts ■ Describe advanced persistent threats
    ■ Explain the principles of evidence handling ■ Review threat hunting tips
    ■ Maintain the chain of custody of evidence
    ■ Identify tools needed for IR
    ■ Acquire evidence

    2821 Mission College Boulevard McAfee, the McAfee logo, and ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries.
    Santa Clara, CA 95054 Other marks and brands may be claimed as the property of others. Copyright © 2020 McAfee, LLC. 4442_0320
    888 847 8766 MARCH 2020
    www.mcafee.com

    4 McAfee MVISION Endpoint Detection and Response Administration

    You might also like