Duration: 2 days
Palo Alto Networks® Traps™ Advanced Endpoint Protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Successful completion of this two-day, instructor-led course should prepare the student to deploy Traps in large-scale or complex configurations and optimize its configuration.
By the end of the course, students should learn how to design, build, implement, and optimize large-scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with WinDbg.
- Scaling Server Infrastructure
- Small site architectures
- Large site architectures
- TLS/SSL deployment considerations
- Scaling Agent Deployment
- Distributing Traps via GPO
- Configuring Virtual Desktop Infrastructure with Traps
- ESM Tuning
- Tuning ESM settings
- External logging and SIEM integration
- Role-Based Access Control (RBAC)
- Defining Conditions
- Tuning Policies
- Implementing ongoing maintenance
- Windows migrations for Traps
- SQL database migration
- SSL certificate migration
- Advanced Traps Forensics
- Best practices for managing forensic data
- Agent queries
- Resources for malicious software testing
- Exploit challenge testing with Metasploit
- Exploit dump analysis with WinDbg
- Advanced Traps Troubleshooting
- ESM and Traps architecture
- Troubleshooting scenarios using dbconfig and cytool
- Troubleshooting application compatibility and BITS connectivity
This course is recommended for Security Engineers, System Administrators, and Technical Support Engineers.
Students should have completed "Traps 4.1: Install, Configure, and Manage" or (for Palo Alto Networks employee and partner SEs) "PSE: Endpoint Associate" training. Windows system administration skills and familiarity with enterprise security concepts are also required.
At this time there is no certification associated with this course.