Advanced FirePower Bootcamp – Threat Defense

Course Information

Technology : Cisco Security

Duration : 4 Days Course

Review : 3.80 out of 5 (5 votes)

    Course Details

    Overview

    The Advanced Firepower training is an instructor-led, lab-based, hands-on course. This course is part of a portfolio of security courses designed to help businesses support and maintain their Cisco Firepower systems. This lab-intensive course introduces you to the basic next-generation intrusion prevention system (NGIPS) and firewall security concepts, then leads you through the Cisco Firepower system. Among other powerful features, you will become familiar with:

    • In-depth event analysis
    • NGIPS tuning and configuration
    • Snort rules language

    You will also become familiar with the latest platform features: file and malware inspection, security intelligence, domain awareness, and more. The course begins by introducing the system architecture, the latest major features, and the role of policies in implementing the solution. You learn how to manage deployed devices and perform basic Cisco Firepower discovery. You will be able to describe how to use and configure Cisco NGIPS technology, including application control, security intelligence, firewall, and network-based malware and file controls.

    You will learn how to take advantage of powerful tools so you can carry out more efficient event analysis, including the detection of file type and network-based malware. And you will learn how to properly tune systems for better performance and greater network intelligence. The course finishes with system and user administration tasks. This course combines lecture materials and hands-on labs that will give you practice in deploying and managing the Cisco Firepower system.

    Objectives

    Prepforce Specials

    This course workshop is part of our custom-created special courses for one or more of the following reasons:

    • Most of the time, the courses are requested by a Cisco business unit (BU).
    • The courses are designed as part of Cisco-approved derivative-work content.
    • The course was designed to follow an exam for which Cisco-approved content is not available.
    • The course follows a specific project that has been requested by a customer.

    Outline

    Lesson 1: FireSIGHT System Overview and Classroom Setup

    • Cisco FireSIGHT System Overview
    • Virtual Network

    Lesson 2: Hardware Overview and Architecture

    • FireSIGHT System Components
    • FirePOWER Device Features and Capabilities
    • Configuring FireSIGHT System Devices
    • Traffic Flow Through the FireSIGHT System

    Lesson 3: Device Management

    • Device Management
    • OSPF Configuration Options
    • Policy-Based NAT
    • Gateway VPN
    • Clustered High-Availability State Sharing Overview

    Lesson 4: User Account Management

    • User Account Management

    Lesson 5: Object Management

    • Object Management

    Lesson 6: Access Control Policy

    • Access Control Policy
    • Adding Rule Constraints

    Lesson 7: FireSIGHT Technology

    • FireSIGHT Technology Overview
    • Discovery Overview
    • Connection Events
    • User Discovery Data Collection Sources
    • User Discovery Technology

    Lesson 8: Network-Based Malware Detection

    • Network-Based Malware Detection Architecture and Configuration
    • File-type Detection Architecture
    • Malware Detection and Blocking
    • File-Disposition Caching
    • Working with File Storage
    • Working with File Lists
    • File Policy Considerations
    • Using the File Policy
    • File-type and Malware Events and the Network Trajectory
    • Viewing Threat Scores and Dynamic Analysis Reports

    Lesson 9: Managing SSL Traffic

    • SSL Network Traffic Challenges

    Lesson 10: IPS Policy Basics

    • IPS Policies and Configuration Concepts

    Lesson 11: Network Analysis Policy

    • Network Analysis Policy Introduction
    • Understanding Preprocessors
    • Network Analysis Policy Configuration
    • Network Analysis Policy Configuration (continued)
    • Configuring Preprocessors

    Lesson 12: Event Analysis

    • Intrusion Analysis Workflow
    • Selecting Events to Analyze
    • Analyze Events in Context
    • Is This Event a Security Threat?
    • Is This Information Useful?
    • Tuning Options
    • Rule Documentation
    • Assisting in Incident Response

    Lesson 13: Reporting

    • Reporting Overview
    • Report Templates

    Lesson 14: Correlation Policies

    • Correlation Rules and Policies
    • Whitelist
    • Traffic Profiles

    Lesson 15: Basic Rule Syntax and Usage

    • Snort Rules Overview
    • Rule Headers
    • Rule Body
    • Writing Rules

    Appendix A: Sourcefire System Customization

    • Custom Workflows and Searches
    • Correlation Rules
    • Custom Dashboard Widgets
    • Reporting
    • Whitelist
    • Traffic Profiles

    Appendix B: Case Studies in Rule Writing and Packet Analysis

    Pre-Requisites

    • Technical understanding of TCP/IP networking and network architecture
    • Basic familiarity with the concepts of intrusion detection systems (IDS) and IPS

    Course Schedule