• Cisco Training Courses

    Insoft has been serving IT community with official Cisco training offering since 2010. Find all the relevant information on Cisco training on this page.

    View More

    Cisco Certifications

    Experience a blended learning approach that combines the best of instructor-led training and self-paced e-learning to help you prepare for your certification exam.

    View More

    Cisco Learning Credits

    Cisco Learning Credits (CLCs) are prepaid training vouchers redeemed directly with Cisco that make planning for your success easier when purchasing Cisco products and services.

    Have CLCs and want to redeem them?

    Cisco Continuing Education

    The Cisco Continuing Education Program offers all active certification holders flexible options to recertify by completing a variety of eligible training items.

    View More

    Cisco Digital Learning

    Certified employees are VALUED assets. Explore Cisco official Digital Learning Library to educate yourself through recorded sessions.

    Browse CDLL Catalogue

    Cisco Business Enablement

    The Cisco Business Enablement Partner Program focuses on sharpening the business skills of Cisco Channel Partners and customers.

    View More

    Fortinet Technical Certifications

    The Fortinet Network Security Expert (NSE) program is an eight-level training and certification program to teach engineers of their network security for Fortinet FW skills and experience.

    View More

    Fortinet Technical Courses

    Insoft is recognised as Fortinet Authorized Training Center in selected locations across EMEA.

    View More

    ATC Status

    Check our ATC Status across selected countries in Europe.

    View More

    Fortinet Services Packages

    Insoft Services has developed a specific solution to streamline and simplify the process of installing or migrating to Fortinet Products.

    Browse Packages

    Prepforce Bootcamp

    The only comprehensive source available today to prepare for Fortinet NSE 8 certification globally.

    View More

    Microsoft Training

    Insoft Services provides Microsoft training in EMEAR. We offer Microsoft technical training and certification courses that are led by world-class instructors.

    View More

    Technical Training

    The evolution of Extreme Networks Technical Training provides a comprehensive progressive pathway from Associate to Professional accreditation.

    View More

    ATP Accreditation

    As an authorised training partner (ATP), Insoft Services ensures that you receive the highest standards of education available.

    View More

    What we do

    Through our global presence and partner ecosystem, we provide strategic IT consulting services to align IT services with customers´ business goals

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    Our Mission: Provide an expert set of modern & leading edge Network Automation skills to the market through professional services.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure.

     

    View More

     

    We help organisations to deploy Software-Defined Networking (SDN) solutions, such as Cisco DNA. Besides, our team has extensive experience in integrating Cisco DNA Center with third-party systems

    View More

     

    In a world where technologies are evolving rapidly, every company - business needs a partner to rely on and trust for the smooth and secure operation of its network infrastructure

     

    View More

     

    The Insoft experts’ team can help enterprises get the most value from Extreme products and services following our predefined value-added packages or custom ones that fit business needs

     

    View More

    About Us

    Our training portfolio includes a wide range of IT training from IP providers, including Cisco, Extreme Networks, Fortinet, Microsoft, to name a few, in EMEA.

    View More

    Endpoint Detection Response Administration

    X

    Contact Us

    We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.

    Subscribe

    I'd like to receive emails with the latest updates and promotions from Insoft.

    Data Protection & Privacy

    I hereby allow Insoft Ltd. to contact me on this topic. Further, I authorise Insoft Ltd. processing, using collecting and storing my personal data for the purpose of these activities. All your data will be protected and secured as outlined in our privacy policy.


    Endpoint Detection Response Administration

    Enroll Now
    Endpoint Detection Response Administration
    Duration
    2 Days
    Delivery
    (Online and onsite)
    Price
    Price Upon Request
    Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams. MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.

    What is EDR?

    • Recall how MVISION EDR plays a part in the company portfolio
    • Define MVISION EDR components
    • Distinguish how MVISION EDR helps the SOC Mission
    • Identify MVISION EDR capabilities
    • Describe the MITRE ATT&CK Matrix

    Architecture:

    • Describe the product/solution architecture
    • Distinguish between deployment options
    • Recall common log and product files
    • Identify product/solution communication paths and ports

    Setup and Deployment:

    • Identify the supported platform, environment, or operating systems
    • Recall the first steps for adding MVISION EDR to your environment
    • Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
    • Check in the required product extension(s)
    • Deploy the MVISION EDR Client to endpoints

    Monitoring:

    • Recall what Cyber Threat Hunting is.
    • Identify different Threat Hunting styles.
    • Describe why Threat Hunting is required.
    • Recall Threat Hunting tips.
    • View threat events in the Monitoring dashboard.
    • Recall the MVISION EDR threat detection approach.
    • Recall how to take action from the Monitoring dashboard.

    Alerting:

    • Leverage the Alerting dashboard to view the raw events from managed devices
    • View how alert events match to the MITRE observed tactics and techniques

    Device Search:

    • Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
    • Recall the Device Search investigation capabilities.

    Historical Search:

    • Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
    • Recall the Historical Search investigation capabilities

    Real-time Search:

    • Obtain information about processes currently running on managed endpoints using real-time search queries
    • Leverage the query syntax to combine collectors and build powerful search expressions
    • Take action on search results to execute reaction code onto managed endpoints

    Investigating:

    • Analyze an investigation using the key findings and key artifacts discovered.
    • View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
    • Recall what is a cyber security incident.
    • Identify the different vectors of cyber incidents.
    • Describe what is Incident Response (IR) and its importance.

    Catalog:

    • Navigate to the Catalog dashboard to view built-in collectors and reactions.
    • Use the Catalog dashboard to create or delete custom collectors and reactions.

    Action History:

    • View the details of actions performed through the Action History dashboard.

    Performance Metrics:

    • View the Performance Metrics page to analyze the amount of time spent on resolving investigations.

    Troubleshooting:

    • Walk through actions to take if no events are seen in the Monitoring dashboard
    • View MVISION EDR tenancy status
    • Perform troubleshooting steps for Investigations
    • Troubleshoot DXL connectivity

    Use Cases:

    • Use the monitoring dashboard to identify threats
    • Create an investigation
    • Quarantine a system or process
    • Perform in depth analysis using real-time search
    • Increase familiarity and workflow with MVISION EDR

    Day 1

    • Welcome
    • What is EDR?
    • Architecture
    • Setup and Deployment
    • Monitoring
    • Alerting
    • Device Search
    • Historical Search

    Day 2

    • Real-time Search
    • Investigating
    • Catalog
    • Action History
    • Performance Metrics
    • Troubleshooting
    • Use Cases
    • Incident Response
    • Threat Hunting

    This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of:

    • Networking and system administration concepts
    • Computer security concepts
    • Network security concepts and practices
    • Malware analysis, forensics, tactics and techniques

    Overview

    Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams. MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.

    What is EDR?

    • Recall how MVISION EDR plays a part in the company portfolio
    • Define MVISION EDR components
    • Distinguish how MVISION EDR helps the SOC Mission
    • Identify MVISION EDR capabilities
    • Describe the MITRE ATT&CK Matrix

    Architecture:

    • Describe the product/solution architecture
    • Distinguish between deployment options
    • Recall common log and product files
    • Identify product/solution communication paths and ports

    Setup and Deployment:

    • Identify the supported platform, environment, or operating systems
    • Recall the first steps for adding MVISION EDR to your environment
    • Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
    • Check in the required product extension(s)
    • Deploy the MVISION EDR Client to endpoints

    Monitoring:

    • Recall what Cyber Threat Hunting is.
    • Identify different Threat Hunting styles.
    • Describe why Threat Hunting is required.
    • Recall Threat Hunting tips.
    • View threat events in the Monitoring dashboard.
    • Recall the MVISION EDR threat detection approach.
    • Recall how to take action from the Monitoring dashboard.

    Alerting:

    • Leverage the Alerting dashboard to view the raw events from managed devices
    • View how alert events match to the MITRE observed tactics and techniques

    Device Search:

    • Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
    • Recall the Device Search investigation capabilities.

    Historical Search:

    • Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
    • Recall the Historical Search investigation capabilities

    Real-time Search:

    • Obtain information about processes currently running on managed endpoints using real-time search queries
    • Leverage the query syntax to combine collectors and build powerful search expressions
    • Take action on search results to execute reaction code onto managed endpoints

    Investigating:

    • Analyze an investigation using the key findings and key artifacts discovered.
    • View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
    • Recall what is a cyber security incident.
    • Identify the different vectors of cyber incidents.
    • Describe what is Incident Response (IR) and its importance.

    Catalog:

    • Navigate to the Catalog dashboard to view built-in collectors and reactions.
    • Use the Catalog dashboard to create or delete custom collectors and reactions.

    Action History:

    • View the details of actions performed through the Action History dashboard.

    Performance Metrics:

    • View the Performance Metrics page to analyze the amount of time spent on resolving investigations.

    Troubleshooting:

    • Walk through actions to take if no events are seen in the Monitoring dashboard
    • View MVISION EDR tenancy status
    • Perform troubleshooting steps for Investigations
    • Troubleshoot DXL connectivity

    Use Cases:

    • Use the monitoring dashboard to identify threats
    • Create an investigation
    • Quarantine a system or process
    • Perform in depth analysis using real-time search
    • Increase familiarity and workflow with MVISION EDR

    Day 1

    • Welcome
    • What is EDR?
    • Architecture
    • Setup and Deployment
    • Monitoring
    • Alerting
    • Device Search
    • Historical Search

    Day 2

    • Real-time Search
    • Investigating
    • Catalog
    • Action History
    • Performance Metrics
    • Troubleshooting
    • Use Cases
    • Incident Response
    • Threat Hunting

    This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of:

    • Networking and system administration concepts
    • Computer security concepts
    • Network security concepts and practices
    • Malware analysis, forensics, tactics and techniques
      Upcoming Dates
    • ` Mar 27 - Mar 28, 2023
    • ` Apr 24 - Apr 25, 2023
    • ` May 22 - May 23, 2023
    • ` Jun 19 - Jun 20, 2023
    • ` Jul 17 - Jul 18, 2023
    • ` Aug 14 - Aug 15, 2023
    Filter

    Follow Up Courses

    Filter