FireEye Endpoint Sandbox

Solution Overview
FireEye Security Suite is a complete enterprise security solution that helps security organizations do more with less. The tightly integrated suite consists of:

  • Integrated endpoint protection and detection/response functionality.
  • Rich threat intelligence integrated with the experience of Mandiant.
  • Helix cloud-based next-generation SIEM including advanced user behavior analytics.
  • Security orchestration.
  • "Investigative Workbench," integration of alert and event data from all sources.
  • Workflow management.
  • Compliance reporting.

This lab provides a sandbox environment that can be used to evaluate the FireEye endpoint security product across a wide variety of devices, including both Windows and Unix-based operating systems. There is also an attack machine running Kali Linux, from which a user can deploy benign, non-weaponized malware to test the efficacy of these tools.

Goals & Objectives

The purpose of the sandbox lab is to help you develop proficiency in deploying, managing and monitoring the FireEye endpoint security solution. The lab guide provides a flexible framework for evaluating the solution, its installation and behavior in a sample customer environment.

The lab environment will allow you to:
  • Access the ESA baseline sandbox environment.
  • Log in to the cloud-based portal.
  • Navigate the portal's interface and workflow.
  • Deploy agents on Windows systems.
  • Deploy agents on Linux systems. 

Hardware & Software

  • FireEye Endpoint Security (current version). 
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016). 
  • 1x FireEye HX Virtual Appliance.
  • 1x Generic Server (Windows Server 2012). 
  • 1x Generic Server (Windows Server 2016). 
  • 1x Generic Server (Red Hat Enterprise Linux 7). 
  • 1x Generic Server (CentOS 7). 
  • 1x Generic Server (Solaris 11). 
Client Devices 
  • 1x Attack Client (Windows 10 Enterprise). 
  • 1x Generic Client (Windows 7 Enterprise). 
  • 1x Attack Host (Kali Linux 2018).