Securing Cisco Networks with Sourcefire FireAMP Endpoints
- Código del Curso SSFAMP
- Duración 3 días
- Versión 6.0
Otros Métodos de Impartición
Otras opciones de pago
-
GTC 27 IVA Incluido
¿Qué son los GTC?
- CLC 30
Salta a:
Método de Impartición
Este curso está disponible en los siguientes formatos:
-
Cerrado
Cerrado
-
Clase de calendario
Aprendizaje tradicional en el aula
-
Aprendizaje Virtual
Aprendizaje virtual
-
Elearning (a tu propio ritmo)
E-learning a tu propio ritmo
Solicitar este curso en un formato de entrega diferente.
Temario
Parte superiorThe Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) course shows you how to deploy and use Cisco® AMP for Endpoints, a next-generation endpoint security solution that prevents, detects, and responds to advanced threats. Through expert instruction and hands-on lab exercises, you will learn how to implement and use this powerful solution through several step-by-step attack scenarios. You’ll learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using the tools available in the AMP for Endpoints console.
Virtual Learning
This interactive training can be taken from any location, your office or home and is delivered by a trainer. This training does not have any delegates in the class with the instructor, since all delegates are virtually connected. Virtual delegates do not travel to this course, Global Knowledge will send you all the information needed before the start of the course and you can test the logins.
Calendario
Parte superiorDirigido a
Parte superiorAnyone involved in the deployment and utilisation of Cisco AMP for Endpoints
Objetivos del Curso
Parte superiorAfter completing this course you should be able to:
- Identify the key components and methodologies of Cisco Advanced Malware Protection (AMP)
- Recognize the key features and concepts of the AMP for Endpoints product
- Navigate the AMP for Endpoints console interface and perform first-use setup tasks
- Identify and use the primary analysis features of AMP for Endpoints
- Use the AMP for Endpoints tools to analyze a compromised host
- Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports
- Configure and customize AMP for Endpoints to perform malware detection
- Create and configure a policy for AMP-protected endpoints
- Plan, deploy, and troubleshoot an AMP for Endpoints installation
- Use Cisco Orbital to pull query data from installed AMP for Endpoints connectors.
- Describe the AMP Representational State Transfer (REST) API and the fundamentals of its use
- Describe all the features of the Accounts menu for both public and private cloud installations
Contenido
Parte superiorIntroducing to Cisco AMP Technologies
- Cisco Talos
- AMP Threat-Centric Security Model
- Protection Framework
- Retrospection Framework
- Cisco SecureX
Introducing AMP for Endpoints Overview and Architecture
- Cisco AMP for Endpoints
- Cisco AMP Cloud Architecture
- Cisco AMP Private Cloud
- Cisco AMP for Endpoints Integration
Navigating the Console Interface
- Activating Your Cisco Account
- Quick Start Configuration and Deployment
- Console Dahsboard
- Menu System
Using Cisco AMP for Endpoints
- Exploring Your Environment with the AMP Console
- System Operations
Identifying Attacks
- Identifying and Containing a Low Prevelance Threat
- Using CVE with AMP for Endpoints
- Using File Trajectory to Track a Threat
Analyzing Malware
- Analyzing Events
- Using Cisco Threat Grid
- File Analysis
- Further Analysis Features
- Reporting
Managing Outbreak Control
- Managing Malware Detections
- Managing Indications of Compromise
Creating Endpoint Policies
- Configuring Endpoint Policies - Basics
- Configuring Endpoint Policies - Advanced Settings
Working with AMP for Endpoint Groups
- Examining Groups
- Configuring Exclusions
- Preparing for a Deployment
- Deployng Windows Connectors
- Windows Installation and the Connector Interface
- Troubleshooting Cisco AMP for Endpoints
Using Orbital for Endpoint Visibility
- Introducing Cisco Orbital
- Orbital Console
- Using Cisco Orbital to Obtain Endpoint Information
- Osquery Syntax
Introducing AMP REST API
- Examining the AMP REST API
- REST API Documentation and Resources
- Query Response Data Structure: JSON
- REST API Authentication
- Performing REST API Transactions
- Using REST API Data in other Applications
Navigating Accounts
- User Administration
- Further Account Options
Labs
- Amp Account Self-Registration
- Accessing AMP for Endpoints
- Attack Scenario
- Analysis Tools and Reporting
- Outbreak Control
- Endpoint Policies
- Groups and Deployment
- Testing Your Configuration
- Endpoint Visibility Using Orbital
- REST API
- Endpoint Isolation Using Cisco AMP API
- User Accounts
Pre-requisitos
Parte superiorAttendees should meet the following prerequisites:
- Technical understanding of TCP/IP networking and network architecture
- Technical understanding of security concepts and protocols
Certificación de Prueba
Parte superiorRecommended as preparation for the following exam:
- There is currently no exam aligned to this course
- #000000