Training Overview


InQuest offers robust training packed into a two-day immersion course on all aspects of File Detection and Response (FDR).

The course curriculum is designed to address the needs of two key personas (which may or may not be separate individuals depending on your organization):

  • Security Analyst
  • System Administrator

Training can be structured around our standard course material or tailored to specific customer needs.

Depending on the scale of training needed, InQuest can deliver training either virtually or in person.

Each curriculum module is summarized below.

FDR System Overview

This module covers our product impetus, product highlights, Deep File Inspection, Threat Intelligence, strategic integrations, cloud services, system information architecture, malware carriers, and support levels.

FDR Threat Discovery and Score

This module covers IQ Score overview, artifacts analyzed, threat score contributors, detracting factors, tailored signatures, more on malware carriers, and a threat score review.

FDR Cloud Infrastructure

This module covers Multi-AV, Eyelet Reputation database, Threat Exchange and automatic updates.

FDR Event Anatomy

This module covers event confidence and severity, file identification, file characteristics, suspicious characteristics, evasion characteristics, header analytics, data loss, YARA signatures, sessions and files, Syslog, and a signature walkthrough.

FDR UI

This module covers our UI dashboard, areas of analysis, analysis search, analysis workflow and audit trail, analysis tools, session/threat details, reports, filtration, and policies (InQuest, user-defined, C2 and blacklist).

System Installation and Configuration

This module covers system installation, appliances, management interface selection, IPv4/v6 configuration, Manager installation, Collector installation, and network configuration.

System Monitoring

This module covers health monitoring, disk and network statistics, capture engine statistics, device management and health, network communications, global system configuration, integrations (local, InQuest, ICAP), and troubleshooting.

Summary

Course participants will come away with three key advancements:

  1. An in-depth understanding of File Detection and Response features and capabilities
  2. Necessary system installation, configuration and management knowledge
  3. Insights into how seasoned security analysts and threat hunters here at InQuest go about the process of finding, analyzing, and taking action against modern security risks, threats, breaches and incidents