About this course

Duration 5 Days

Attend both the Forcepoint TRITON AP-DATA and AP-EMAIL Administrator courses in the same week and save £300!

During the first three days, you will learn how to test existing deployment, how to administer policies and reports, handle incidents and endpoints, upgrade and manage the AP-DATA system. You will develop skills in creating data policies, building custom classifiers and using predefined policies, incident management, reporting, and system architecture and maintenance.

During the final two days, you will learn the features, components, and key integrations that enable the AP-EMAIL functionalities; how to administer policies, handle incidents, upgrade, manage and assess the health of the AP-EMAIL system. You will develop skills in creating email policies, configure email encryption, incident management, reporting, and system architecture and maintenance.


  • End-User/Customers: System administrators, network security administrators, IT staff
  • Channel Partners: Sales Engineers, consultants, implementation specialists

Delegates will learn how to

Forcepoint TRITON AP-DATA Administrator Course:

• Understand the deployment
• Create and use custom classifiers
• Use predefined classifiers, rules and policies
• Control various channels – network, file discovery and endpoint agents
• Review Incidents and Reports
• Perform the backup and restore for logs and other data
• Perform semi-automatic failover
• Archive incidents and forensics

Forcepoint TRITON AP-EMAIL Administrator Course

• Describe the key capabilities of AP-EMAIL
• Understand the required and add-on components of AP-EMAIL
• Understand multiple deployment scenarios
• Perform initial setup configurations
• Configure connection level controls and message properties
• Create policies to fulfill various organization needs
• Understand the difference between various block/permit lists
• Configure email DLP policies
• Configure and customize PEM portal
• Understand email encryption methods
• Run and interpret reports and configure logs
• Understand how to upgrade the system and disaster recovery


Day 1

1) Intercepting with AP-WEB and AP-EMAIL
a) Checking the WCG configuration
b) Checking the AP-EMAIL configuration
c) Monitoring vs. blocking mode
d) Intercepting TLS traffic
2) Intercepting traffic with Protector
a) Protector deployment types
b) ICAP mode
3) Discovery with AP-DATA Servers
a) Classical discovery with crawler
b) Discovery with FCI Agent
c) OCR for image analysis
4) Transaction Lifecycle
a) Processing order
b) Custom extractors and steganography
c) Traffic logs
5) Methodology of DLP policy creation
a) Building AUP (Acceptable Use Policy)
b) Monitoring vs blocking
c) Classifiers, rules, c-logic, exception rules
6) Simple classifiers
a) Keywords and phrases, dictionaries
b) Regular expressions
c) File properties

Day 2

1) Scripts and predefined classifiers
a) Region-specific classifiers
b) Industry-specific classifiers
c) Data theft
2) Fingerprinting and ML
a) Unstructured fingerprinting
b) Structured fingerprinting
c) Machine Learning
3) Data Endpoint
a) Endpoints controlling applications and file discovery
b) Endpoint profiles, policies and alerts
4) Incidents and reporting
a) Incident lifecycle
b) Incident reports
5) Advanced incident workflow
a) Force-release feature
b) Email based incident workflow
6) Delegated Admins
a) Notifications data owners
b) Tiered Incident Management
c) Pseudonymization of source and destination data
d) Setting up incident response teams

Day 3

1) Custom action plans
a) Deploying simple remediation scripts
b) SIEM Integration
2) High Availability of AP-DATA Manager
a) Database partitions and file shares
b) Full backup and restore of a AP-DATA configuration
c) Semi-automatic failover
3) Resource Management
a) Archiving old incidents and forensics
b) Distributing fingerprints, policies and AP-DATA resources
c) System health logs and dashboards
4) Alerts, System Events
a) Configuring system alerts
b) Scheduling reporting and maintenance
5) Upgrades
a) AP-DATA Manager and AP-DATA Server upgrades
b) Protector and Endpoint upgrades

Day 4

1) TRITON APX overview
2) AP-EMAIL overview and what’s new
3) Understanding the deployment
a) V-series appliance
b) Network interfaces
c) Required components
d) V-series modules
e) Hardware resources
f) Internal daemons and components
g) Communication points with external services
4) Getting started with AP-EMAIL
a) Fundamental email security concepts: protected domain and email relay
b) Setting up AP-EMAIL
c) Setting up users
d) Setting email routing
5) Traffic
a) Message processing flow
b) Setting connection controls
I. Connection properties
c) Configuring message properties
I. Message size, volume
II. Recipient validation
d) True source IP detection
e) Managing message queues
6) Policies
a) Configuring policies
I. Policy components and flows
II. Policy directions
III. Policy conditions
IV. Rules
b) Built-in DLP
I. DLP integration
II. Registering with data security server

Day 5

1) Users
a) Working with users
I. Enabling PEM
II. End user block/permit list
III. IP list comparison
2) Advanced Configurations
a) Hybrid
b) Sandbox
I. URL Sandbox
II. File sandbox
III. Phishing education
c) Traffic shaping
d) Enforce TLS
3) Maintenance
a) Reporting
I. Configuring log DB options
II. Log server
III. Reporting preferences
IV. Presentation reports
b) System administration & maintenance
I. Managing appliances
II. Delegated administrator accounts
III. Back up and restore

5 Days


This is a QA approved partner course

Delivery Method

Delivery method


Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.

Find dates and prices

Online booking is currently not available for this course, to find out more please call us on 0113 220 7150 or email us at info@qa.com to discuss how we can help.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.