-
4 Days
- Mar 27 - Mar 30, 2023Online
- Apr 24 - Apr 27, 2023Online
- May 22 - May 25, 2023Online
- Jun 19 - Jun 22, 2023Online
- Jul 17 - Jul 20, 2023Online
- Aug 14 - Aug 17, 2023Online
- Mar 27 - Mar 30, 2023Online
-
4 Days
- Mar 27 - Mar 30, 2023Online
- Apr 24 - Apr 27, 2023Online
- May 22 - May 25, 2023Online
- Jun 19 - Jun 22, 2023Online
- Jul 17 - Jul 20, 2023Online
- Aug 14 - Aug 17, 2023Online
- Mar 27 - Mar 30, 2023Online
-
4 Days
- Mar 27 - Mar 30, 2023Online
- Apr 24 - Apr 27, 2023Online
- May 22 - May 25, 2023Online
- Jun 19 - Jun 22, 2023Online
- Jul 17 - Jul 20, 2023Online
- Aug 14 - Aug 17, 2023Online
- Mar 27 - Mar 30, 2023Online
-
5 Days
- Mar 27 - Mar 31, 2023Online
- Apr 24 - Apr 28, 2023Online
- May 22 - May 26, 2023Online
- Jun 19 - Jun 23, 2023Online
- Jul 17 - Jul 21, 2023Online
- Aug 14 - Aug 18, 2023Online
- Mar 27 - Mar 31, 2023Online
-
2 Days
- Mar 27 - Mar 28, 2023Online
- Apr 24 - Apr 25, 2023Online
- May 22 - May 23, 2023Online
- Jun 19 - Jun 20, 2023Online
- Jul 17 - Jul 18, 2023Online
- Aug 14 - Aug 15, 2023Online
- Mar 27 - Mar 28, 2023Online
-
4 Days
- Mar 27 - Mar 30, 2023Online
- Apr 24 - Apr 27, 2023Online
- May 22 - May 25, 2023Online
- Jun 19 - Jun 22, 2023Online
- Jul 17 - Jul 20, 2023Online
- Aug 14 - Aug 17, 2023Online
- Mar 27 - Mar 30, 2023Online
-
4 Days
- Mar 27 - Mar 30, 2023Online
- Apr 24 - Apr 27, 2023Online
- May 22 - May 25, 2023Online
- Jun 19 - Jun 22, 2023Online
- Jul 17 - Jul 20, 2023Online
- Aug 14 - Aug 17, 2023Online
- Mar 27 - Mar 30, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- Jun 12 - Jun 15, 2023Online
- Aug 14 - Aug 17, 2023Online
- Oct 9 - Oct 12, 2023Online
- Nov 13 - Nov 16, 2023Online
- Dec 11 - Dec 14, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
-
4 Days
- Apr 3 - Apr 6, 2023Online
- May 1 - May 4, 2023Online
- May 29 - Jun 1, 2023Online
- Jun 26 - Jun 29, 2023Online
- Jul 24 - Jul 27, 2023Online
- Aug 21 - Aug 24, 2023Online
- Apr 3 - Apr 6, 2023Online
X
Contact Us
We would love to hear from you. Please complete this form to pre-book or request further information about our delivery options.

2 Days

(Online and onsite)

Price Upon Request
Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams.
MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.
What is EDR?
- Recall how MVISION EDR plays a part in the company portfolio
- Define MVISION EDR components
- Distinguish how MVISION EDR helps the SOC Mission
- Identify MVISION EDR capabilities
- Describe the MITRE ATT&CK Matrix
Architecture:
- Describe the product/solution architecture
- Distinguish between deployment options
- Recall common log and product files
- Identify product/solution communication paths and ports
Setup and Deployment:
- Identify the supported platform, environment, or operating systems
- Recall the first steps for adding MVISION EDR to your environment
- Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
- Check in the required product extension(s)
- Deploy the MVISION EDR Client to endpoints
Monitoring:
- Recall what Cyber Threat Hunting is.
- Identify different Threat Hunting styles.
- Describe why Threat Hunting is required.
- Recall Threat Hunting tips.
- View threat events in the Monitoring dashboard.
- Recall the MVISION EDR threat detection approach.
- Recall how to take action from the Monitoring dashboard.
Alerting:
- Leverage the Alerting dashboard to view the raw events from managed devices
- View how alert events match to the MITRE observed tactics and techniques
Device Search:
- Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
- Recall the Device Search investigation capabilities.
Historical Search:
- Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
- Recall the Historical Search investigation capabilities
Real-time Search:
- Obtain information about processes currently running on managed endpoints using real-time search queries
- Leverage the query syntax to combine collectors and build powerful search expressions
- Take action on search results to execute reaction code onto managed endpoints
Investigating:
- Analyze an investigation using the key findings and key artifacts discovered.
- View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
- Recall what is a cyber security incident.
- Identify the different vectors of cyber incidents.
- Describe what is Incident Response (IR) and its importance.
Catalog:
- Navigate to the Catalog dashboard to view built-in collectors and reactions.
- Use the Catalog dashboard to create or delete custom collectors and reactions.
Action History:
- View the details of actions performed through the Action History dashboard.
Performance Metrics:
- View the Performance Metrics page to analyze the amount of time spent on resolving investigations.
Troubleshooting:
- Walk through actions to take if no events are seen in the Monitoring dashboard
- View MVISION EDR tenancy status
- Perform troubleshooting steps for Investigations
- Troubleshoot DXL connectivity
Use Cases:
- Use the monitoring dashboard to identify threats
- Create an investigation
- Quarantine a system or process
- Perform in depth analysis using real-time search
- Increase familiarity and workflow with MVISION EDR
Day 1
- Welcome
- What is EDR?
- Architecture
- Setup and Deployment
- Monitoring
- Alerting
- Device Search
- Historical Search
Day 2
- Real-time Search
- Investigating
- Catalog
- Action History
- Performance Metrics
- Troubleshooting
- Use Cases
- Incident Response
- Threat Hunting
This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.
It is recommended that students have a working knowledge of:
- Networking and system administration concepts
- Computer security concepts
- Network security concepts and practices
- Malware analysis, forensics, tactics and techniques
Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams.
MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.
What is EDR?
- Recall how MVISION EDR plays a part in the company portfolio
- Define MVISION EDR components
- Distinguish how MVISION EDR helps the SOC Mission
- Identify MVISION EDR capabilities
- Describe the MITRE ATT&CK Matrix
Architecture:
- Describe the product/solution architecture
- Distinguish between deployment options
- Recall common log and product files
- Identify product/solution communication paths and ports
Setup and Deployment:
- Identify the supported platform, environment, or operating systems
- Recall the first steps for adding MVISION EDR to your environment
- Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
- Check in the required product extension(s)
- Deploy the MVISION EDR Client to endpoints
Monitoring:
- Recall what Cyber Threat Hunting is.
- Identify different Threat Hunting styles.
- Describe why Threat Hunting is required.
- Recall Threat Hunting tips.
- View threat events in the Monitoring dashboard.
- Recall the MVISION EDR threat detection approach.
- Recall how to take action from the Monitoring dashboard.
Alerting:
- Leverage the Alerting dashboard to view the raw events from managed devices
- View how alert events match to the MITRE observed tactics and techniques
Device Search:
- Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
- Recall the Device Search investigation capabilities.
Historical Search:
- Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
- Recall the Historical Search investigation capabilities
Real-time Search:
- Obtain information about processes currently running on managed endpoints using real-time search queries
- Leverage the query syntax to combine collectors and build powerful search expressions
- Take action on search results to execute reaction code onto managed endpoints
Investigating:
- Analyze an investigation using the key findings and key artifacts discovered.
- View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
- Recall what is a cyber security incident.
- Identify the different vectors of cyber incidents.
- Describe what is Incident Response (IR) and its importance.
Catalog:
- Navigate to the Catalog dashboard to view built-in collectors and reactions.
- Use the Catalog dashboard to create or delete custom collectors and reactions.
Action History:
- View the details of actions performed through the Action History dashboard.
Performance Metrics:
- View the Performance Metrics page to analyze the amount of time spent on resolving investigations.
Troubleshooting:
- Walk through actions to take if no events are seen in the Monitoring dashboard
- View MVISION EDR tenancy status
- Perform troubleshooting steps for Investigations
- Troubleshoot DXL connectivity
Use Cases:
- Use the monitoring dashboard to identify threats
- Create an investigation
- Quarantine a system or process
- Perform in depth analysis using real-time search
- Increase familiarity and workflow with MVISION EDR
Day 1
- Welcome
- What is EDR?
- Architecture
- Setup and Deployment
- Monitoring
- Alerting
- Device Search
- Historical Search
Day 2
- Real-time Search
- Investigating
- Catalog
- Action History
- Performance Metrics
- Troubleshooting
- Use Cases
- Incident Response
- Threat Hunting
This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.
It is recommended that students have a working knowledge of:
- Networking and system administration concepts
- Computer security concepts
- Network security concepts and practices
- Malware analysis, forensics, tactics and techniques