Level: Foundation

FireEye Enterprise Incident Response with MIR

2 Day | Instructor Led

This two-day instructor-led course provides an introduction to using Mandiant for Intelligent Response (MIR) as an incident response tool. Labs take students through a breach, teaching how to perform sweep hit analysis, build live response scripts, basic unknown binary analysis, and basic Indicator of Compromise (IOC) creation.

Inquire About:
FireEye Enterprise Incident Response with MIR

Ideal Candidates for FireEye Enterprise Incident Response with MIR Class

Network security professionals and incident responders.

FireEye Enterprise Incident Response with MIR Prerequisites

Students should have a working understanding of networking and network security, the Windows OS, file system, registry, and use of the CLI.

What You'll Get in FireEye Enterprise Incident Response with MIR

What You'll Learn in FireEye Enterprise Incident Response with MIR

No Certification Test Available For This Course

No Certification Test Available For This Course

FireEye Enterprise Incident Response with MIR Outline

  1. MIR Core Concepts
    • Incident types and incident response requirements
    • MIR basics: architecture, sweeps, scripts, jobs, and IOCs
  2. Sweeping
    • Building sweeps
    • Tuning monthly sweeps
    • Hit review
  3. Binary Analysis
    • FireEye AX
    • Strings analysis
  4. Live Response
    • Live response methodology
    • Live response audit scripts
    • Interpreting live response data Pivoting / Searching
  5. IOCs
    • IOC architecture within MIR Building IOCs
    • Testing IOCs
    • Sweeping with custom IOCs


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The BEC XXE exercise is a customized, six-hour, Cyber Range exercise hosted on ManTech’s Advanced Cyber Range Environment (ACRE). Lead by expert cyber security engineers, the exercise can be executed in a classroom and remotely. In this exercise, BEC-based attacks are simulated. Participants will be introduced to variations of the BEC attack (both external and internal) and will capture, preserve and recover network and host-based artifacts from the attacks. They will also determine the origin of the attacks, the extent of the compromise, and any on-going activity related to it. Discussion focuses on blue team threat hunter tasks. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are engaged via an Incident Response "Observe/Engage" Model and are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real world scenarios. The entire course is hands on and builds upon the skills and knowledge the students have previously received. Applications include Offensive only - Hunt Teaming, Data Harvesting, and Asset Extraction, Defensive Only – Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation, and Offensive and Defensive – Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team.

© 2019 Ultimate Knowledge Insitute | All Rights Reserved
GSA# GS-35F-0469W