The Symantec Endpoint Detection and Response 4.x Planning, Implementation, and Administration course is designed for the IT security and systems administration professional in a Security Operations role. This course covers how to investigate, remediate, and recover from a security incident using Symantec Endpoint Detection and Response, as well as the prerequisite sizing and architecture configurations for implementing Symantec Endpoint Detection and Response On-Prem.

By the completion of this course, you will be able to:

• Plan and implement a Symantec Endpoint Detection and Response deployment
• Configure SEDR to perform endpoint detection and  response
• Identify evidence of suspicious and malicious activity
• Search for indicators of compromise
• Block, isolate, and remove threats in the  environment
• Collect forensic information

This course assumes that students are familiar with
Symantec Endpoint Detection & Response and
Symantec Endpoint Protection

Module 1: Introduction

•  The Evolving Threat Landscape
• Challenges of Endpoint Detection and Response in the environment 
• How Symantec Endpoint Detection and Response  meets objectives
• Components of Symantec Endpoint Detection and Response
•  Shared Technologies
• Symantec Endpoint Detection and Response AddOns and Integrations

Module 2: Architecture and Sizing

• Architecture and Sizing Overview
• Architecture
• Sizing

Module 3: Implementation

• System Requirements
• Installing and Bootstrapping
• Setup Wizard
• Management Console Overview
• Managing Certificates
• User Accounts and Roles
• Symantec Endpoint Protection Integration

Module 4: Detecting Threats

• Understanding Suspicious & Malicious Activity
• Prerequisite configuration or considerations
• Identifying evidence of suspicious/malicious activitywith Symantec EDR

Module 5: Investigating Threats

• General Stages of an Advanced Attack
• Understanding Indicators of Compromise
• Searching for Indicators of Compromise
• Analyzing Endpoint Activity Recorder Data
• Additional Investigation Tools

Module 6: Responding to Threats

• Cybersecurity Framework
• Isolating Threats in The Environment
• Blocking Threats in The Environment
• Removing Threats in The Environment
• Tuning the Environment

Module 7: Reporting on Threats

    Recovery Overview
    Notifications and Reporting
    Collecting forensic data for further investigation of
    security incidents
    Using Symantec EDR to create a Post Incident
    Report