
Securing Cisco Networks with Sourcefire FireAMP for Endpoints (SSFAMP)



Course Schedule

  • 2 Days Course
    Security (CLS)

    Classroom + Online

    Course Details


    Securing Cisco Networks with Sourcefire FireAMP (SSFAMP) for Endpoints is a two-day, instructor-led virtual course, delivered through Cisco WebEx® and offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the powerful features of Sourcefire FireAMP software. This two-day virtual class covers information on Cisco Advanced Malware Protection (AMP) technology, deployment, management, and analysis.


    You will learn how to build and manage an AMP deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using powerful tools available in the Sourcefire FireAMP console.


    This course combines lecture materials and hands-on labs throughout so that you can successfully deploy and manage Sourcefire FireAMP.


    Associated Exam:

    This course prepares you to take the Securing Cisco Networks with Sourcefire FireAMP for Endpoints exam.


    Upon completing this course, the learner will be able to meet these overall objectives:

    • Describe the architecture and various components of Sourcefire FireAMP and FireAMP cloud
    •  Describe security concerns around malware and how attacks unfold
    •  Describe and navigate the Sourcefire FireAMP interface, dashboard, and its components
    •  Manage malware detection mechanisms
    •  Describe advanced policy configuration for endpoints
    •  Describe how to deploy and distribute the Sourcefire FireAMP connector
    •  Describe file analysis and Sourcefire FireAMP reporting
    •  Describe the private cloud offering


    •  Module 1: Sourcefire FireAMP Overview and Architecture
    •  Module 2: Console Interface and Navigation
    •  Module 3: Outbreak Control
    •  Module 4: Endpoint Policies
    •  Module 5: Groups and Deployment
    •  Module 6: Analysis
    •  Module 7: Analysis Case Studies
    •  Module 8: Accounts

    Lab Outline

    •  Lab 1: Performing the Initial Setup
    •  Lab 2: Initialize the Private Cloud
    •  Lab 3: Accessing the Sourcefire FireAMP Console
    •  Lab 4: Reviewing the Interface
    •  Lab 5: Simple Custom Detection
    •  Lab 6: Advanced Custom Detection
    •  Lab 7: Application Blocking
    •  Lab 8: Whitelisting
    •  Lab 9: DFC IP Blacklist
    •  Lab 10: Creating a Sourcefire FireAMP Policy
    •  Lab 11: Creating Groups
    •  Lab 12: Deploying the Connector
    •  Lab 13: Connector Command-line Installation
    •  Lab 14: Querying the History Database
    •  Lab 15: Installing a Policy Manually
    •  Lab 16: Testing Your Policy
    •  Lab 17: Working with Sourcefire FireAMP Events
    •  Lab 18: Detection and Quarantine Events
    •  Lab 19: File Trajectory
    •  Lab 20: Device Trajectory
    •  Lab 21: Reporting
    •  Lab 22: ZBot Analysis and Remediation
    •  Lab 23: User Accounts
    •  Lab 24: Enabling Demo Data

    Target Audience

    This course is designed for technical professionals who need to know how to deploy and manage Sourcefire FireAMP software in their network environments. The primary audience for this course includes:

    • Security administrators
    • Security consultants
    • Network administrators
    • System engineers
    • Technical support personnel
    • Channel partners and resellers


    The recommended knowledge and skills that a learner should have for the best learning outcome include:

    •  Technical understanding of TCP/IP networking and network architecture
    •  Basic familiarity with the concepts of malware detection