This course provides two days of instructor-led training in the optimization of large-scale or complex Traps configurations.
- Scale Traps infrastructure to your organization’s needs.
- Tune Traps configuration.
- Protect Linux endpoints.
- Perform advanced Traps troubleshooting.
Students should have completed “Traps 4.1: Install, Configure, and Manage” or (for Palo Alto Networks employee and partner SEs) “PSE: Endpoint Associate” training. Windows system administration skills and familiarity with enterprise security concepts also are required.
Students should learn how to design, build, implement, and optimize large-scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with windbg.
Module 1: Scaling Server Infrastructure
Module 2: Scaling Agent Deployment
- Small site architectures
- Large site architectures
- TLS/SSL deployment considerations
Module 3: ESM Tuning
- Distributing Traps via GPO
- Configuring Virtual Desktop Infrastructure with Traps
Module 4: Windows migrations for Traps
- Tuning ESM settings
- External logging and SIEM integration
- Role Based Access Control (RBAC)
- Defining Conditions
- Tuning Policies
- Implementing ongoing maintenance
Module 5: Advanced Traps Forensics
- SQL database migration
- SSL certificate migration
Module 6: Advanced Traps
- Best practices for managing forensic data
- Agent queries
- Resources for malicious software testing
- Exploit challenge testing with Metasploit
- Exploit dump analysis with windbg
- ESM and Traps architecture
- Troubleshooting scenarios using dbconfig and cytool
- Troubleshooting application compatibility and BITS connectivity