Traps 3.4 : Deploy and Optimize (EDU-285)
Palo Alto Networks® Traps™ Advanced Endpoint Protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks.
Successful completion of this two-day, instructor-led course equips the student to deploy Traps in large-scale or complex configurations and optimize its configuration.
Students will learn how to design, build, implement, and optimize large scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with windbg.
- Course level: Intermediate
- Course duration: 2 days
- Course format: Combines instructor-facilitated lecture with hands-on labs
- Software version: Palo Alto Networks Traps Advanced Endpoint Protection 3.4
Mod 1: Deploying Traps
- Distributing endpoint software
- TLS/SSL options
- Virtual Desktop Infrastructure (VDI) deployment
- External logging and SIEM integration
Mod 2: Scaling Traps Deployments Up
- Role-based Access Control
- Deployment patterns, including Multi-ESM Server deployment
- Migration tasks
Mod 3: Optimizing Traps
- Optimizing server settings
- Defining conditions
- Designing optimized policies
- Implementing ongoing maintenance
Mod 4: Advanced Traps Forensics
- Agent queries
- Resources for malicious software testing
- Exploit challenge testing with Metasploit
- Exploit dump analysis with windbg
Mod 5: Advanced Traps Troubleshooting
- Endpoint Security Manager and Traps architecture
- Troubleshooting scenarios using dbconfig and cytool
- Troubleshooting application compatibility
- Troubleshooting BITS connectivity
Students should have completed “Traps: Install, Configure, and Manage” or (for Palo Alto Networks employee and partner SEs) “PSE: Endpoint Associate” training. Windows system administration skills and familiarity with enterprise security concepts also are required.