Sound the Alarm: Detection and Response
- Offered by Coursera
Sound the Alarm: Detection and Response at Coursera Overview
| Field | Value |
|---|---|
| Duration | 21 hours |
| Start from | Start Now |
| Total fee | Free |
| Mode of learning | Online |
| Difficulty level | Beginner |
| Official Website | Explore Free Course |
| Credential | Certificate |
Sound the Alarm: Detection and Response at Coursera Highlights
- Flexible deadlines: reset deadlines in accordance with your schedule.
- Shareable Certificate: earn a Certificate upon completion.
- 100% online: start instantly and learn on your own schedule.
- Coursera Labs: includes hands-on learning projects.
- Beginner Level
- Approx. 21 hours to complete
- English. Subtitles: English
Sound the Alarm: Detection and Response at Coursera Course details
- This is the sixth course in the Google Cybersecurity Certificate. These courses will equip you with the skills you need to apply for an entry-level cybersecurity job. You’ll build on your understanding of the topics that were introduced in the fifth Google Cybersecurity Certificate course.
- In this course, you will focus on incident detection and response. You'll define a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. You'll analyze and interpret network communications to detect security incidents, using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, you'll explore the incident investigation and response processes and procedures. Additionally, you'll practice using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) tools.
- Google employees who currently work in cybersecurity will guide you through videos, provide hands-on activities and examples that simulate common cybersecurity tasks, and help you build your skills to prepare for jobs.
- Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.
- By the end of this course, you will:
  - Explain the lifecycle of an incident.
  - Describe the tools used in documentation, detection, and management of incidents.
  - Analyze packets to interpret network communications.
  - Perform artifact investigations to analyze and verify security incidents.
  - Identify the steps to contain, eradicate, and recover from an incident.
  - Determine how to read and analyze logs during incident investigation.
  - Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools.
  - Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.
Sound the Alarm: Detection and Response at Coursera Curriculum
Week 1: Introduction to detection and incident response
- Introduction to Course 6
- Dave: Grow your cybersecurity career with mentors
- Welcome to week 1
- Introduction to the incident response lifecycle
- Incident response teams
- Fatima: The importance of communication during incident response
- Incident response plans
- Incident response tools
- The value of documentation
- Intrusion detection systems
- Alert and event management with SIEM and SOAR tools
- Wrap-up
- Course 6 overview
- Helpful resources and tips
- Portfolio Activity Exemplar: Document an incident with an incident handler's journal
- Roles in response
- Overview of detection tools
- Glossary terms from week 1
- Portfolio Activity: Document an incident with an incident handler's journal
- Test your knowledge: The incident response lifecycle
- Test your knowledge: Incident response operations
- Test your knowledge: Detection and documentation tools
- Weekly challenge 1
Week 2: Network monitoring and analysis
- Welcome to week 2
- Casey: Apply soft skills in cybersecurity
- The importance of network traffic flows
- Data exfiltration attacks
- Packets and packet captures
- Interpret network communications with packets
- Reexamine the fields of a packet header
- Packet captures with tcpdump
- Wrap-up
- Maintain awareness with network monitoring
- Learn more about packet captures
- Investigate packet details
- Resources for completing labs
- Overview of tcpdump
- Glossary terms from week 2
- Test your knowledge: Understand network traffic
- Test your knowledge: Capture and view network traffic
- Test your knowledge: Packet inspection
- Weekly challenge 2
Week 3: Incident investigation and response
- Welcome to week 3
- The detection and analysis phase of the lifecycle
- MK: Changes in the cybersecurity industry
- The benefits of documentation
- Document evidence with chain of custody forms
- The value of cybersecurity playbooks
- The role of triage in incident response
- Robin: Foster cross-team collaboration
- The containment, eradication, and recovery phase of the lifecycle
- The post-incident activity phase of the lifecycle
- Wrap-up
- Cybersecurity incident detection methods
- Indicators of compromise
- Analyze indicators of compromise with investigative tools
- Activity Exemplar: Investigate a suspicious file hash
- Best practices for effective documentation
- Activity Exemplar: Use a playbook to respond to a phishing incident
- The triage process
- Business continuity considerations
- Post-incident review
- Glossary terms from week 3
- Activity: Investigate a suspicious file hash
- Test your knowledge: Incident detection and verification
- Activity: Use a playbook to respond to a phishing incident
- Test your knowledge: Response and recovery
- Activity: Review a final report
- Weekly challenge 3
Week 4: Network traffic and logs using IDS and SIEM tools
- Welcome to week 4
- The importance of logs
- Rebecca: Learn new tools and technologies
- Variations of logs
- Security monitoring with detection tools
- Components of a detection signature
- Examine signatures with Suricata
- Examine Suricata logs
- Reexamine SIEM tools
- Query for events with Splunk
- Query for events with Chronicle
- Wrap-up
- Course wrap-up
- Best practices for log collection and management
- Overview of log file formats
- Detection tools and techniques
- Overview of Suricata
- Search methods with SIEM tools
- Glossary terms from week 4
- Portfolio Activity Exemplar: Finalize your incident handler's journal
- Course 6 glossary
- Get started on the next course
- Test your knowledge: Overview of logs
- Test your knowledge: Log components and formats
- Test your knowledge: Overview of intrusion detection systems (IDS)
- Activity: Perform a query with Splunk
- Activity: Perform a query with Chronicle
- Test your knowledge: Overview of SIEM tools
- Weekly challenge 4
- Portfolio Activity: Finalize your incident handler's journal