About this course

Course code TPNMA_MATD
Duration 4 Days

  • Understand the benefits of sandbox images for malware analysis, and configure and manage them.
  • Detect and analyze malware as it is transmitted across a network.
  • Integrate ATD with other McAfee products, including McAfee Web Gateway and McAfee Threat Intelligence Exchange.
  • View and export McAfee Advanced Threat Defense reports.

Prerequisites

It is recommended that students have a working knowledge of Microsoft Windows administration, a basic understanding of computer security concepts, and a general understanding of Internet services.

Delegates will learn how to

Day 1

  • About the Course
  • Malware Overview
  • Incident Response Overview
  • ATD Overview
  • ATD Deployment Strategies
  • ATD Architecture
  • ATD Installation
  • ATD Command Line and Web Interface
  • Licensing and Updates
  • Logging
  • Administrator Configuration

Day 2

  • ATD Policy
  • Virtual Image Creation
  • ATD Integration
  • Malware Analysis
  • Reporting and Notifications

Day 3

  • McAfee Data Exchange Layer and Threat Intelligence Exchange
  • ATD Integration with TIE

Day 4

  • Incident Response Review
  • Troubleshooting

Outline

Module 1: About the Course

  • McAfee University Curriculum
  • Introductions
  • About the Course
  • Lab Environment

Module 2: Malware Overview

  • Malware Types
  • Malware Vectors
  • Malware Detection
  • Malware Lifecycle

Module 3: Incident Response Overview

  • Tenets of Incident Response
  • Incident Response Lifecycle
  • Incident Response and ATD

Module 4: ATD Overview

  • ATD in a Security Environment
  • ATD Static and Dynamic Analysis
  • Supported File Types

Module 5: ATD Deployment Strategies

  • Network Topology
  • ATD Interaction
  • ATD and GTI

Module 6: ATD Architecture

  • ATD Appliance Hardware
  • ATD Architecture
  • Remote Management and Monitoring
  • ATD Network Ports

Module 7: ATD Installation

  • ATD Installation and Configuration
  • ATD Connections

Module 8: ATD Command Line and Operating System

  • Advanced Threat Defense Command Line Interface
  • Commonly Used CLI Commands
  • ATD Web Interface
  • Dashboard Tab
  • Analysis Tab
  • Policy Tab
  • Manage Tab

Module 9: Licensing and Updates

  • Advanced Threat Defense Licensing
  • ATD Disk Setup
  • Updating the ATD Appliance
  • ATD Backups
  • Installation Troubleshooting

Module 10: Logging

  • ATD Logging
  • System Log and Status
  • ATD Dashboard

Module 11: Administrator Configuration

  • ATD Users
  • ATD Roles
  • Administrator Policy Configuration

Module 12: ATD Policy

  • ATD Policy
  • VM Profile
  • Analyzer Profile
  • ATD Malware Internet Access
  • ATD Policy Workflow

Module 13: Virtual Image Creation

  • Virtual Machine Creation
  • Creating a VMDK File
  • Configuring the Operating System for ATD
  • Importing the VMDK into ATD
  • Converting the VMDK File into an ATD Image File

Module 14: ATD Integration

  • ATD Integration Overview
  • FTP
  • RESTful API
  • McAfee Web Gateway
  • Network Security Platform
  • Host Operating System Identification
  • ePO Integration

Module 15: Malware Analysis

  • Supported File Types
  • ATD Malware Analysis
  • White List
  • Black List
  • Malware Engines and GTI
  • Sandbox Analysis
  • Analysis Status

Module 16: Notifications and Reporting

  • ATD Analysis Reports
  • ATD Sandbox Analysis Summary
  • Dropped Files
  • Disassembly Results
  • Logic Path Graph
  • User API Log
  • Complete Results
  • ATD Report Formats
  • ATD Notifications

Module 17: McAfee DXL/TIE

  • McAfee Data Exchange Layer
  • McAfee Threat Intelligence Exchange
  • TIE Workflow
  • TIE Server Configuration

Module 18: ATD Integration with TIE

  • ATD DXL/ePO Configuration
  • ePO Policy Configuration
  • Malware Analysis Workflow
  • ePO Reporting

Module 19: Incident Response Review

  • Malware Incident Reporting Lifecycle
  • Preparation
  • Detection
  • Analysis
  • Containment, Eradication and Recovery
  • Post-Incident Activity

Module 20: Troubleshooting

  • ATD Troubleshooting Resources
  • ATD Troubleshooting
  • ATD Log Files
  • ATD Common Issues
  • Integration Troubleshooting

This is a QA approved partner course

Delivery Method

Classroom

Face-to-face learning in the comfort of our quality nationwide centres, with free refreshments and Wi-Fi.
