FireEye Advanced MIR

2 Day | Instructor Led

This two-day instructor-led course provides an advanced look at what MIR can do to find evil within your organization. Utilizing advanced IOC creation techniques and hunting methodology, students will learn how to proactively search for indications of wrong-doing on the network.

Inquire About
FireEye Advanced MIR

Ideal Candidates for FireEye Advanced MIR Class

Network security professionals and incident responders.

FireEye Advanced MIR Prerequisites

A working understanding of networking and network security, the Windows OS, file system, registry, and use of the CLI
Completed the course Enterprise Incident Response with MIR

What You'll Get in FireEye Advanced MIR

What You'll Learn in FireEye Advanced MIR

Upon completion of the course the learner should be able to:

Create advanced IOCs, that look for malware activity based on prefetch, services, scheduled tasks, registry keys, and more
Perform file and service stacking
Build PCRE regex based content and path filters for audit modules
Hunt within scheduled tasks and application compatibility cache

No Certification Test Available For This Course

No Certification Test Available For This Course

FireEye Advanced MIR Outline

  1. Moving Beyond Audit Modules
    • A look at why it is necessary to move beyond simple audit modules within MIR
    • Exploring Log analysis
  2. Windows Artifacts
    • Look at the Windows OS and how its various subsystem components operate
  3. Writing and Testing Advanced IOCs
    • Using IOC Editor to create IOCs and Redline to test IOCs
  4. Hunting Methodology and Framework
  5. Stacker 1.2.03
    • Theory and lab
  6. PCRE (PERL Compatible Regular Expressions)
    • Theory and lab
  7. Scheduled Task Hunting
    • Theory and lab
  8. Application Compatibility Cache Hunting:
    • Theory and demo/walkthrough, as well as lab availability


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

This two-day instructor-led course provides an introduction to using Mandiant for Intelligent Response (MIR) as an incident response tool. Labs take students through a breach, teaching how to perform sweep hit analysis, build live response scripts, basic unknown binary analysis, and basic Indicator of Compromise (IOC) creation.

This three-day instructor-led course takes the student from a FireEye Alert to investigation, discovery, and reporting on a potentially infected host. In a lab environment, students will learn the fundamentals of computer forensics investigation, including legal and ethical considerations and the use of freely available tools to analyze computers for evidence of malware and other unwanted intrusion.

© 2018 Ultimate Knowledge Insitute | All Rights Reserved | GSA# GS-35F-0469W