Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Coursera

Threat Investigation

Cisco via Coursera

Overview

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures • By the end of the course, you will be able to: • Understand cyber-threat hunting concepts • Describe the five hunting maturity levels (HM0–HM4) • Describe the hunting cycle four-stage loop• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics• Describe the CVSS v3.0 scoring components (base, temporal, and environmental) • Provide an example of CVSS v3.0 scoring • Describe the use of a hot threat dashboard within a SOC • Provide examples of publicly available threat awareness resources • Provide examples of publicly available external threat intelligence sources and feeds• Describe the use of security intelligence feed • Describe threat analytics systems • Describe online security research tools • Simulate malicious actions to populate the event data on the Security Onion tools for later analysis • Identify resources for hunting cyber threats. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

Syllabus

  • Identifying Resources for Hunting Cyber Threats
    • If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures • By the end of the course, you will be able to: • Understand cyber-threat hunting concepts • Describe the five hunting maturity levels (HM0–HM4) • Describe the hunting cycle four-stage loop• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics• Describe the CVSS v3.0 scoring components (base, temporal, and environmental) • Provide an example of CVSS v3.0 scoring • Describe the use of a hot threat dashboard within a SOC • Provide examples of publicly available threat awareness resources • Provide examples of publicly available external threat intelligence sources and feeds• Describe the use of security intelligence feed • Describe threat analytics systems • Describe online security research tools • Simulate malicious actions to populate the event data on the Security Onion tools for later analysis • Identify resources for hunting cyber threats. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
  • Understanding Event Correlation and Normalization
    • If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you describe event correlation and normalization. By the end of the course, you will be able to: • Describe network security monitoring event sources (IPS, Firewall, NetFlow, Proxy Server, IAM, AV, and application logs)• Describe direct evidence and circumstantial evidence • Describe chain of custody for all evidence and interacting with law enforcement • Describe an example of security data normalization • Provide an example of security events correlation • Explain the basic concepts of security data aggregation, summarization, and deduplication • Use the Security Onion Sguil and ELSA applications as the SIEM platform to monitor the network for peculiarities and start an investigation. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
  • Conducting Security Incident Investigations
    • If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will explain how to conduct security incident investigations. By the end of the course, you will be able to: • Explain the objective of security incident investigation: Discover the who, what, when, where, why, and how of the incident • Describe the China Chopper Remote Access Trojan • Identify network traffic that was created by an advanced persistent threat (APT). To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
  • Using a Playbook Model to Organize Security Monitoring
    • If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how to use a playbook model to organize security monitoring. By the end of the course, you will be able to: • Describe the security analytics process • Describe the use of a playbook in a SOC • Describe the components of a play in a typical SOC playbook • Describe the use of a playbook management system in the SOC • Explore SOC playbooks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

Taught by

Cisco Learning & Certifications

Reviews

5 rating at Coursera based on 24 ratings

Start your review of Threat Investigation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.