This course is designed for technical professionals who will be administering Sophos Central and are looking to enhance their threat hunting skills using Sophos XDR.
This course is provided in a virtual classroom utilizing a Zoom meeting. This course is completed in one session and is expe cted to take up to 8 hours.
The training consists of presentations and practical lab exercises to reinforce the content taught . To access the training labs, you will need to allow outbound access from your network for RDP using TCP port 3389.
Objectives
On completion of this course, participants will be able to:
- Understand modern cyber attacks
- Construct queries using the XDR interface
- Search for Indicators of Compromise (IOC)
- Trace the source of process, network, and file activity
- Query devices for vulnerabilities / missing patches
- Perform Threat Graph analysis and remediation
- Use Investigations to identify potential IOCs
Prerequisites
This course covers advanced concepts using Live Discover from the Threat Analysis Center.
- Participants should be familiar with the Sophos Central Dashboard.
- Experience with Windows networking and the ability to troubleshoot issues.
- A good understanding of IT security.
Lab environment
Each participant will be provided with a pre-configured environment which simulates a company using Windows devices.