This PowerPackage combines the content of the Cisco Next Generation Firewall – Secure Networks with Firepower and Cisco Firepower Next Generation IPS – Advanced Threat and Malware Protection courses in one event. Compared to booking the courses individually, you save € 995,-.
-
Course Contents
-
Part 1:
- Concepts of the Cisco Firepower Thread Defense (FTD) appliance
- Functions of the NGFW
- Initial configuration and management of the Firepower Appliance
- Firepower Management Center
- Network Discovery
- Routing with FTD
- NAT and PAT with FTD
- Access Control Policy
- Application and URL filter
- High availability (active/standby failover)
- FlexConfig
- SSL proxy
- Quality of Service
- Licensing, upgrade and backup
Part 2:
- IPS interfaces
- How an IPS works
- Network Analysis Policy
- Intrusion Policy
- NGIPS Policy Tuning
- Snort Rules
- Snort 3
- Advanced Malware Protection (AMP)
- Correlation Policy
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 300,- plus VAT (only for classroom participation).
-
Target Group
-
The two parts of the course are aimed at people in security and network administration who will be commissioning and managing a Firepower Thread Defense appliance, and both the next-generation firewall and the next-generation IPS are covered in detail. If you are planning to replace the Cisco ASA in your network with FTD, this PowerPackage is also the right place for you.
-
Knowledge Prerequisites
-
You should have basic knowledge of the TCP/IP protocol and its security risks as well as the basics of switching and routing for this PowerPackage. They should also already be familiar with how packet filters and firewalls work.
-
Complementary and Continuative Courses
- Cisco Firepower VPN Lösungen – Site-to-Site und Remote Access VPNs mit FTD
| 1 Die Grundkonfiguration der Firepower |
| 1.1 Das Konzept Firepower |
| 1.2 FTD Modelle |
| 1.2.1 Firepower Performance Estimator |
| 1.3 Firepower-Software |
| 1.4 Firepower-Lizenzen |
| 1.4.1 Smart Licenses |
| 1.4.2 License Reservation |
| 1.5 Initiale Konfiguration und Management |
| 1.5.1 Die ersten Schritte im CLI |
| 1.5.2 Die ASA-Console |
| 1.5.3 Firepower Device Manager |
| 1.6 Das Firepower Management Center |
| 1.6.1 Die Menüstruktur |
| 1.6.2 FMC: Benutzerverwaltung |
| 1.6.3 Das Management-Netz |
| 1.6.4 Konfiguration des Managers auf FTD-Geräten |
| 1.6.5 Object Management |
| 1.6.6 Deploy |
| 1.6.7 Verwalten der Lizenzen |
| 1.7 Interface-Konfiguration |
| 1.7.1 Interface-Zonen und -Gruppen |
| 1.8 Die Systemzeit |
| 1.8.1 Systemzeit der FTD-Geräte |
| 1.9 DNS-Gruppen |
| 1.10 Die Health Policy |
| 1.10.1 Health Monitor |
| 1.11 Die Network Discovery Policy |
| 1.11.1 Die Network Map |
| 1.12 Logging und Debugging |
| 1.12.1 Logging der FTD-Geräte |
| 1.12.2 Debugging |
| 1.13 SNMP |
| 1.13.1 SNMP im FTD (1000, 2100, vFTD) |
| 2 Routing mit FTD |
| 2.1 Die Routing-Tabelle |
| 2.1.1 Routing und Management-Interfaces |
| 2.2 Virtual Routers (VRF-Lite) |
| 2.3 Statische Routen |
| 2.4 OSPF |
| 2.4.1 OSPF: Konfiguration |
| 2.4.2 Interface-Eigenschaften |
| 2.4.3 OSPF: Kontrolle |
| 2.5 OSPFv3 |
| 2.6 BGP |
| 2.6.1 BGP: Kontrolle |
| 2.7 Routing-Entscheidungen |
| 2.8 Equal-Cost Multi-Path (ECMP) |
| 2.9 Policy Based Routing |
| 2.9.1 PBR: Konfiguration |
| 3 FTD als Firewall |
| 3.1 NAT |
| 3.1.1 Auto NAT vs. Manual NAT |
| 3.1.2 Abarbeitung der NAT-Regeln |
| 3.1.3 Dynamisches Auto NAT |
| 3.1.4 Statisches Auto NAT |
| 3.1.5 Statisches Manual NAT |
| 3.1.6 Statisches Manual NAT: Twice NAT |
| 3.1.7 Dynamisches Manual NAT |
| 3.2 Troubleshooting: Packet Tracer und Capture |
| 3.2.1 Packet Capture |
| 3.2.2 capture-traffic |
| 3.3 Access Control Policy |
| 3.3.1 Access Control Policy: Actions |
| 3.3.2 Access Control Policy: Regeln |
| 3.3.3 Access Control Policy: Networks |
| 3.3.4 Access Control Policy: Ports |
| 3.3.5 Access Control Policy: Applications |
| 3.3.6 Access Control Policy: URL Filter |
| 3.3.7 Access Control Policy: Weitere Parameter |
| 3.3.8 Access Control Policy: Users |
| 3.3.9 Logging in der Access Control Policy |
| 3.3.10 Access Control Policy: Organisation |
| 3.3.11 Access Control Policy: Vererbung |
| 3.3.12 Access Control Policy: Connections Events |
| 3.3.13 Security Intelligence |
| 3.3.14 DNS Policy |
| 3.4 Paketverarbeitung im FTD |
| 3.5 Prefilter Policy |
| 3.6 Performance |
| 3.6.1 Performance: LINA Engine |
| 3.6.2 Snort Engine: FMC |
| 3.6.3 Snort Engine: CLI |
| 3.6.4 Elephant Flows |
| 3.6.5 FMC Performance |
| 3.6.6 Access Control Policy |
| 3.7 Die Connection Table |
| 3.7.1 Timeouts |
| 3.8 Service Policy Rules |
| 4 Weitere Funktionen |
| 4.1 FlexConfig |
| 4.1.1 FlexConfig Objekte |
| 4.1.2 FlexConfig Policy: Protocol Inspection |
| 4.1.3 FlexConfig: Netflow |
| 4.2 Domain Management |
| 4.2.1 Domain-Verwaltung |
| 4.3 Quality of Service |
| 4.4 Redundanz |
| 4.4.1 Active/Standby Failover |
| 4.4.2 Etherchannel |
| 4.4.3 Redundant Interfaces |
| 4.4.4 Cluster |
| 4.4.5 Redundanz des FMC |
| 4.5 Firepower als SSL-Proxy |
| 4.5.1 CA einrichten |
| 4.5.2 SSL Policy |
| 4.5.3 SSL Policy: Best Practice |
| 4.6 Snort 3 |
| 4.6.1 Snort 3: Neue Funktionen |
| 5 Firepower Maintenance |
| 5.1 Updates |
| 5.2 Update des FMC |
| 5.3 FXOS Upgrade |
| 5.4 Upgrade der FTD-Software |
| 5.4.1 Revert und Uninstall |
| 5.5 Password Recovery |
| 5.6 Backup & Restore |
| 5.6.1 Backup Profiles |
| 5.6.2 Backup von FTD-Geräten |
| 5.6.3 Restore des Management Centers |
| 5.6.4 Restore der FTD-Geräte |
| 5.7 Wiederkehrende Aufgaben |
| 5.7.1 Beispiel: Backups |
| 5.7.2 Beispiel: Deployment und Updates |
| 5.8 Migration von ASA zu FTD |
| A Übungen |
| A.1 Netzwerktopologie |
| A.2 Anlegen eines neuen Benutzers (optional) |
| A.3 Einbinden in das FMC |
| A.4 Kontrolle der Grundkonfiguration |
| A.5 Interfacekonfiguration |
| A.6 Zeitsynchronisation |
| A.7 Health und Discovery Policy |
| A.8 Logging auf dem Management Center |
| A.9 Logging auf dem FTD-Gerät |
| A.10 Statisches Routing |
| A.11 NAT |
| A.12 Access Control Policy |
| A.13 FlexConfig |
| A.14 Active/Standby Failover |
| A.15 SSL-Proxy (optional) |
| A.16 Lösungsvorschläge |
| A.16.1 Benutzer anlegen |
| A.16.2 Einbinden in das FMC |
| A.16.3 Kontrolle der Grundkonfiguration |
| A.16.4 Interfacekonfiguration |
| A.16.5 Zeitsynchronisation |
| A.16.6 Health- und Discovery Policies |
| A.16.7 Logging auf dem FMC |
| A.16.8 Logging auf dem FTD-Gerät |
| A.16.9 Statisches Routing |
| A.16.10 NAT |
| A.16.11 Access Control Policy |
| A.16.12 URL-/Application Filter |
| A.16.13 Service Policy |
| A.16.14 FlexConfig |
| 1 Firepower |
| 1.1 Das Konzept Firepower |
| 1.2 FTD Modelle |
| 1.3 IPS |
| 1.4 Advanced Malware Protection |
| 2 Firepower als NGIPS |
| 2.1 Einsatz als IPS oder IDS |
| 2.2 Interfaces |
| 2.2.1 Inline Sets |
| 2.2.2 Passive Interfaces |
| 2.2.3 ERSPAN Interfaces |
| 2.3 Rule Updates |
| 2.4 Die Snort Engine |
| 2.5 Evasion Attacks |
| 2.6 Die Policys des IPS |
| 2.7 Network Analysis Policy |
| 2.7.1 Snort 2: Die Ebenen |
| 2.7.2 Snort 2: Preprocessors |
| 2.7.3 Snort 2: Scanning-Attacken |
| 2.7.4 Policys vergleichen |
| 2.8 Intrusion Policy |
| 2.8.1 Firepower Recommendations |
| 2.8.2 Advanced Settings |
| 2.8.3 Passive vs. Inline Deployments |
| 2.8.4 Externes Logging von Intrusion Events |
| 2.9 Intrusion Rules |
| 2.9.1 IPS Rules in der Policy |
| 2.9.2 Der Rule Editor |
| 2.9.3 Variablen in Snort Rules |
| 2.10 Event Monitoring |
| 2.10.1 Host Profiles |
| 2.10.2 Event View – Packets |
| 2.10.3 Suche |
| 2.11 Reporting |
| 2.12 Performance |
| 2.12.1 Performance: CLI |
| 2.12.2 Elephant Flows |
| 3 Snort 3 |
| 3.1 Snort 2 und Snort 3: Migration |
| 3.2 Network Analysis Policy |
| 3.2.1 Konfiguration der Inspectors |
| 3.3 Intrusion Policy |
| 3.3.1 Rule Groups |
| 3.3.2 Security Level |
| 3.3.3 Rule Actions |
| 3.3.4 Recommendations |
| 3.4 Intrusion Rules |
| 3.4.1 Alert Configuration |
| 3.4.2 Custom Rules |
| 3.5 Elephant Flows und Snort3 |
| 4 Advanced Malware Protection |
| 4.1 Das Konzept hinter AMP |
| 4.2 Konfiguration von AMP |
| 4.2.1 Einbinden in die Access Policy |
| 4.3 Best Practices für AMP |
| 4.3.1 Best Practices: File Detection |
| 4.3.2 Best Practices: File Blocking |
| 4.4 File und Malware Events |
| 4.4.1 File und Malware Events: Details |
| 4.4.2 Trajektorie |
| 4.5 Captured Files |
| 4.5.1 Detailanalyse |
| 4.6 Externes Logging von File Events |
| 5 Correlation |
| 5.1 Correlation |
| 5.2 Alerts |
| 5.2.1 Alarmkonfiguration |
| 5.2.2 Remediation Actions |
| 5.3 Correlation Policy |
| 5.3.1 Rule Management |
| 5.3.2 Allow Lists |
| 5.3.3 Traffic Profiles |
| 5.3.4 Traffic Policys |
| A Übungen Cisco Firepower Next Generation IPS |
| A.1 Netzwerktopologie |
| A.2 Einbinden des FTD-Gerätes in das FMC |
| A.3 Interface-Konfiguration |
| A.4 Health und Network Discovery Policy |
| A.5 Intrusion Policy |
| A.5.1 Variable Set und Access Control Policy |
| A.5.2 Portscan |
| A.5.3 Inline Normalization Snort 2 |
| A.5.4 IP Defragmentation: Snort 2 |
| A.5.5 Rate-Based Attack Prevention: Snort 2 |
| A.5.6 Rate-Based Attack Prevention: Snort 3 |
| A.5.7 User-Agent (Snort 2 und Snort 3) |
| A.5.8 Recommendations: Snort 2 und Snort 3 |
| A.6 AMP |
| A.7 Correlation: Alerts |
| A.7.1 Correlation: Remediation – Set Host Attribute |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.This PowerPackage combines the content of the Cisco Next Generation Firewall – Secure Networks with Firepower and Cisco Firepower Next Generation IPS – Advanced Threat and Malware Protection courses in one event. Compared to booking the courses individually, you save € 995,-.
-
Course Contents
-
Part 1:
- Concepts of the Cisco Firepower Thread Defense (FTD) appliance
- Functions of the NGFW
- Initial configuration and management of the Firepower Appliance
- Firepower Management Center
- Network Discovery
- Routing with FTD
- NAT and PAT with FTD
- Access Control Policy
- Application and URL filter
- High availability (active/standby failover)
- FlexConfig
- SSL proxy
- Quality of Service
- Licensing, upgrade and backup
Part 2:
- IPS interfaces
- How an IPS works
- Network Analysis Policy
- Intrusion Policy
- NGIPS Policy Tuning
- Snort Rules
- Snort 3
- Advanced Malware Protection (AMP)
- Correlation Policy
The detailed digital documentation package, consisting of an e-book and PDF, is included in the price of the course.
Premium Course Documents
In addition to the digital documentation package, the exclusive Premium Print Package is also available to you.
- High-quality color prints of the ExperTeach documentation
- Exclusive folder in an elegant design
- Document pouch in backpack shape
- Elegant LAMY ballpoint pen
- Practical notepad
The Premium Print Package can be added during the ordering process for € 300,- plus VAT (only for classroom participation).
-
Target Group
-
The two parts of the course are aimed at people in security and network administration who will be commissioning and managing a Firepower Thread Defense appliance, and both the next-generation firewall and the next-generation IPS are covered in detail. If you are planning to replace the Cisco ASA in your network with FTD, this PowerPackage is also the right place for you.
-
Knowledge Prerequisites
-
You should have basic knowledge of the TCP/IP protocol and its security risks as well as the basics of switching and routing for this PowerPackage. They should also already be familiar with how packet filters and firewalls work.
-
Complementary and Continuative Courses
- Cisco Firepower VPN Lösungen – Site-to-Site und Remote Access VPNs mit FTD
| 1 Die Grundkonfiguration der Firepower |
| 1.1 Das Konzept Firepower |
| 1.2 FTD Modelle |
| 1.2.1 Firepower Performance Estimator |
| 1.3 Firepower-Software |
| 1.4 Firepower-Lizenzen |
| 1.4.1 Smart Licenses |
| 1.4.2 License Reservation |
| 1.5 Initiale Konfiguration und Management |
| 1.5.1 Die ersten Schritte im CLI |
| 1.5.2 Die ASA-Console |
| 1.5.3 Firepower Device Manager |
| 1.6 Das Firepower Management Center |
| 1.6.1 Die Menüstruktur |
| 1.6.2 FMC: Benutzerverwaltung |
| 1.6.3 Das Management-Netz |
| 1.6.4 Konfiguration des Managers auf FTD-Geräten |
| 1.6.5 Object Management |
| 1.6.6 Deploy |
| 1.6.7 Verwalten der Lizenzen |
| 1.7 Interface-Konfiguration |
| 1.7.1 Interface-Zonen und -Gruppen |
| 1.8 Die Systemzeit |
| 1.8.1 Systemzeit der FTD-Geräte |
| 1.9 DNS-Gruppen |
| 1.10 Die Health Policy |
| 1.10.1 Health Monitor |
| 1.11 Die Network Discovery Policy |
| 1.11.1 Die Network Map |
| 1.12 Logging und Debugging |
| 1.12.1 Logging der FTD-Geräte |
| 1.12.2 Debugging |
| 1.13 SNMP |
| 1.13.1 SNMP im FTD (1000, 2100, vFTD) |
| 2 Routing mit FTD |
| 2.1 Die Routing-Tabelle |
| 2.1.1 Routing und Management-Interfaces |
| 2.2 Virtual Routers (VRF-Lite) |
| 2.3 Statische Routen |
| 2.4 OSPF |
| 2.4.1 OSPF: Konfiguration |
| 2.4.2 Interface-Eigenschaften |
| 2.4.3 OSPF: Kontrolle |
| 2.5 OSPFv3 |
| 2.6 BGP |
| 2.6.1 BGP: Kontrolle |
| 2.7 Routing-Entscheidungen |
| 2.8 Equal-Cost Multi-Path (ECMP) |
| 2.9 Policy Based Routing |
| 2.9.1 PBR: Konfiguration |
| 3 FTD als Firewall |
| 3.1 NAT |
| 3.1.1 Auto NAT vs. Manual NAT |
| 3.1.2 Abarbeitung der NAT-Regeln |
| 3.1.3 Dynamisches Auto NAT |
| 3.1.4 Statisches Auto NAT |
| 3.1.5 Statisches Manual NAT |
| 3.1.6 Statisches Manual NAT: Twice NAT |
| 3.1.7 Dynamisches Manual NAT |
| 3.2 Troubleshooting: Packet Tracer und Capture |
| 3.2.1 Packet Capture |
| 3.2.2 capture-traffic |
| 3.3 Access Control Policy |
| 3.3.1 Access Control Policy: Actions |
| 3.3.2 Access Control Policy: Regeln |
| 3.3.3 Access Control Policy: Networks |
| 3.3.4 Access Control Policy: Ports |
| 3.3.5 Access Control Policy: Applications |
| 3.3.6 Access Control Policy: URL Filter |
| 3.3.7 Access Control Policy: Weitere Parameter |
| 3.3.8 Access Control Policy: Users |
| 3.3.9 Logging in der Access Control Policy |
| 3.3.10 Access Control Policy: Organisation |
| 3.3.11 Access Control Policy: Vererbung |
| 3.3.12 Access Control Policy: Connections Events |
| 3.3.13 Security Intelligence |
| 3.3.14 DNS Policy |
| 3.4 Paketverarbeitung im FTD |
| 3.5 Prefilter Policy |
| 3.6 Performance |
| 3.6.1 Performance: LINA Engine |
| 3.6.2 Snort Engine: FMC |
| 3.6.3 Snort Engine: CLI |
| 3.6.4 Elephant Flows |
| 3.6.5 FMC Performance |
| 3.6.6 Access Control Policy |
| 3.7 Die Connection Table |
| 3.7.1 Timeouts |
| 3.8 Service Policy Rules |
| 4 Weitere Funktionen |
| 4.1 FlexConfig |
| 4.1.1 FlexConfig Objekte |
| 4.1.2 FlexConfig Policy: Protocol Inspection |
| 4.1.3 FlexConfig: Netflow |
| 4.2 Domain Management |
| 4.2.1 Domain-Verwaltung |
| 4.3 Quality of Service |
| 4.4 Redundanz |
| 4.4.1 Active/Standby Failover |
| 4.4.2 Etherchannel |
| 4.4.3 Redundant Interfaces |
| 4.4.4 Cluster |
| 4.4.5 Redundanz des FMC |
| 4.5 Firepower als SSL-Proxy |
| 4.5.1 CA einrichten |
| 4.5.2 SSL Policy |
| 4.5.3 SSL Policy: Best Practice |
| 4.6 Snort 3 |
| 4.6.1 Snort 3: Neue Funktionen |
| 5 Firepower Maintenance |
| 5.1 Updates |
| 5.2 Update des FMC |
| 5.3 FXOS Upgrade |
| 5.4 Upgrade der FTD-Software |
| 5.4.1 Revert und Uninstall |
| 5.5 Password Recovery |
| 5.6 Backup & Restore |
| 5.6.1 Backup Profiles |
| 5.6.2 Backup von FTD-Geräten |
| 5.6.3 Restore des Management Centers |
| 5.6.4 Restore der FTD-Geräte |
| 5.7 Wiederkehrende Aufgaben |
| 5.7.1 Beispiel: Backups |
| 5.7.2 Beispiel: Deployment und Updates |
| 5.8 Migration von ASA zu FTD |
| A Übungen |
| A.1 Netzwerktopologie |
| A.2 Anlegen eines neuen Benutzers (optional) |
| A.3 Einbinden in das FMC |
| A.4 Kontrolle der Grundkonfiguration |
| A.5 Interfacekonfiguration |
| A.6 Zeitsynchronisation |
| A.7 Health und Discovery Policy |
| A.8 Logging auf dem Management Center |
| A.9 Logging auf dem FTD-Gerät |
| A.10 Statisches Routing |
| A.11 NAT |
| A.12 Access Control Policy |
| A.13 FlexConfig |
| A.14 Active/Standby Failover |
| A.15 SSL-Proxy (optional) |
| A.16 Lösungsvorschläge |
| A.16.1 Benutzer anlegen |
| A.16.2 Einbinden in das FMC |
| A.16.3 Kontrolle der Grundkonfiguration |
| A.16.4 Interfacekonfiguration |
| A.16.5 Zeitsynchronisation |
| A.16.6 Health- und Discovery Policies |
| A.16.7 Logging auf dem FMC |
| A.16.8 Logging auf dem FTD-Gerät |
| A.16.9 Statisches Routing |
| A.16.10 NAT |
| A.16.11 Access Control Policy |
| A.16.12 URL-/Application Filter |
| A.16.13 Service Policy |
| A.16.14 FlexConfig |
| 1 Firepower |
| 1.1 Das Konzept Firepower |
| 1.2 FTD Modelle |
| 1.3 IPS |
| 1.4 Advanced Malware Protection |
| 2 Firepower als NGIPS |
| 2.1 Einsatz als IPS oder IDS |
| 2.2 Interfaces |
| 2.2.1 Inline Sets |
| 2.2.2 Passive Interfaces |
| 2.2.3 ERSPAN Interfaces |
| 2.3 Rule Updates |
| 2.4 Die Snort Engine |
| 2.5 Evasion Attacks |
| 2.6 Die Policys des IPS |
| 2.7 Network Analysis Policy |
| 2.7.1 Snort 2: Die Ebenen |
| 2.7.2 Snort 2: Preprocessors |
| 2.7.3 Snort 2: Scanning-Attacken |
| 2.7.4 Policys vergleichen |
| 2.8 Intrusion Policy |
| 2.8.1 Firepower Recommendations |
| 2.8.2 Advanced Settings |
| 2.8.3 Passive vs. Inline Deployments |
| 2.8.4 Externes Logging von Intrusion Events |
| 2.9 Intrusion Rules |
| 2.9.1 IPS Rules in der Policy |
| 2.9.2 Der Rule Editor |
| 2.9.3 Variablen in Snort Rules |
| 2.10 Event Monitoring |
| 2.10.1 Host Profiles |
| 2.10.2 Event View – Packets |
| 2.10.3 Suche |
| 2.11 Reporting |
| 2.12 Performance |
| 2.12.1 Performance: CLI |
| 2.12.2 Elephant Flows |
| 3 Snort 3 |
| 3.1 Snort 2 und Snort 3: Migration |
| 3.2 Network Analysis Policy |
| 3.2.1 Konfiguration der Inspectors |
| 3.3 Intrusion Policy |
| 3.3.1 Rule Groups |
| 3.3.2 Security Level |
| 3.3.3 Rule Actions |
| 3.3.4 Recommendations |
| 3.4 Intrusion Rules |
| 3.4.1 Alert Configuration |
| 3.4.2 Custom Rules |
| 3.5 Elephant Flows und Snort3 |
| 4 Advanced Malware Protection |
| 4.1 Das Konzept hinter AMP |
| 4.2 Konfiguration von AMP |
| 4.2.1 Einbinden in die Access Policy |
| 4.3 Best Practices für AMP |
| 4.3.1 Best Practices: File Detection |
| 4.3.2 Best Practices: File Blocking |
| 4.4 File und Malware Events |
| 4.4.1 File und Malware Events: Details |
| 4.4.2 Trajektorie |
| 4.5 Captured Files |
| 4.5.1 Detailanalyse |
| 4.6 Externes Logging von File Events |
| 5 Correlation |
| 5.1 Correlation |
| 5.2 Alerts |
| 5.2.1 Alarmkonfiguration |
| 5.2.2 Remediation Actions |
| 5.3 Correlation Policy |
| 5.3.1 Rule Management |
| 5.3.2 Allow Lists |
| 5.3.3 Traffic Profiles |
| 5.3.4 Traffic Policys |
| A Übungen Cisco Firepower Next Generation IPS |
| A.1 Netzwerktopologie |
| A.2 Einbinden des FTD-Gerätes in das FMC |
| A.3 Interface-Konfiguration |
| A.4 Health und Network Discovery Policy |
| A.5 Intrusion Policy |
| A.5.1 Variable Set und Access Control Policy |
| A.5.2 Portscan |
| A.5.3 Inline Normalization Snort 2 |
| A.5.4 IP Defragmentation: Snort 2 |
| A.5.5 Rate-Based Attack Prevention: Snort 2 |
| A.5.6 Rate-Based Attack Prevention: Snort 3 |
| A.5.7 User-Agent (Snort 2 und Snort 3) |
| A.5.8 Recommendations: Snort 2 und Snort 3 |
| A.6 AMP |
| A.7 Correlation: Alerts |
| A.7.1 Correlation: Remediation – Set Host Attribute |
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a Web cam. In the seminar room, we use specially developed and customized audio- and video-technologies. This makes sure that the communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.
Guaranteed date
Classroom Training
Hybrid Training
Trainer language German