CISCO Regional Academy (Centre for Electronic Governance) - Threat Investigation
- Offered by Coursera
Threat Investigation at Coursera Overview
| Detail | Value |
| --- | --- |
| Duration | 8 hours |
| Start from | Start Now |
| Total fee | Free |
| Mode of learning | Online |
| Official Website | Explore Free Course |
| Credential | Certificate |
Threat Investigation at Coursera Highlights
- Flexible deadlines Reset deadlines in accordance to your schedule.
- Shareable Certificate Earn a Certificate upon completion
- 100% online Start instantly and learn at your own schedule.
- Course 6 of 7 in the Cybersecurity Operations Fundamentals Specialization
- Approx. 8 hours to complete
- English Subtitles: English
Threat Investigation at Coursera Course details
- If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how a threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures.
- By the end of the course, you will be able to:
  - Understand cyber-threat hunting concepts
  - Describe the five hunting maturity levels (HM0 to HM4)
  - Describe the hunting cycle four-stage loop
  - Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics
  - Describe the CVSS v3.0 scoring components (base, temporal, and environmental)
  - Provide an example of CVSS v3.0 scoring
  - Describe the use of a hot threat dashboard within a SOC
  - Provide examples of publicly available threat awareness resources
  - Provide examples of publicly available external threat intelligence sources and feeds
  - Describe the use of security intelligence feeds
  - Describe threat analytics systems
  - Describe online security research tools
  - Simulate malicious actions to populate the event data on the Security Onion tools for later analysis
  - Identify resources for hunting cyber threats
- To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts
Threat Investigation at Coursera Curriculum
Identifying Resources for Hunting Cyber Threats
Introduction to Identifying Resources for Hunting Cyber Threats
Cyber Threat Hunting Concepts
Hunting Maturity Model
Cyber Threat Hunting Cycle
Common Vulnerability Scoring System
CVSS v3.0 Scoring
CVSS v3.0 Example
Hot Threat Dashboard
Publicly Available Threat Awareness Resources
Security Intelligence
Threat Analytic Systems
Security Tools Reference
Wrap-Up
Introduction to Identifying Resources for Hunting Cyber Threats
Cyber-Threat Hunting Concepts
Hunting Maturity Model
Cyber Threat Hunting Cycle
Common Vulnerability Scoring System
CVSS v3.0 Base Metrics
CVSS v3.0 Temporal Metrics
CVSS v3.0 Environmental Metrics
CVSS v3.0 Scoring
CVSS v3.0 Example
Hot Threat Dashboard
Hot Threat Process
Hot Threat Challenges
Open Web Application Security Project
Spamhaus Project
Alexa
Publicly Available Threat Awareness Resources Practice Quiz
Other External Threat Intelligence Sources and Feeds Reference
Security Intelligence
Threat Analytic Systems
Security Tools Reference
Wrap-Up
Cyber-Threat Hunting Concepts Practice Quiz
Hunting Maturity Model Practice Quiz
Cyber Threat Hunting Cycle Practice Quiz
Common Vulnerability Scoring System Practice Quiz
Practice Quiz
CVSS v3.0 Scoring Practice Quiz
Hot Threat Dashboard Practice Quiz
Security Intelligence Practice Quiz
Threat Analytic Systems Practice Quiz
Identifying Resources for Hunting Cyber Threats Course Exam
Understanding Event Correlation and Normalization
Introduction to Understanding Event Correlation and Normalization
Event Sources
Evidence
Chain of Custody
Security Data Normalization
Event Correlation
Other Security Data Manipulation
Wrap-Up
Introduction to Understanding Event Correlation and Normalization
Event Sources
Intrusion Prevention System
Firewalls
NetFlow
Proxy Servers
Identity and Access Management
Antivirus
Application Logs
Evidence
Chain of Custody
Security Data Normalization
Event Correlation
Other Security Data Manipulation
Aggregation
Summarization
Deduplication
Wrap-Up
Event Sources Practice Quiz
Evidence Practice Quiz
Chain of Custody Practice Quiz
Event Correlation Practice Quiz
Other Security Data Manipulation Practice Quiz
Understanding Event Correlation and Normalization Course Exam
Conducting Security Incident Investigations
Introduction to Conducting Security Incident Investigations
Security Incident Investigation Procedures
Threat Investigation Example: China Chopper Remote Access Trojan
Wrap-Up
Introduction to Conducting Security Incident Investigations
Security Incident Investigation Procedures
When: When Did the Events Occur?
Who: What IP/Domain Was Associated with the Malware?
Where: Where Did the Infection Come From?
What: What Type of Malware Is on the System?
Why: What Does the Malware Do and What Is Its Purpose?
How: How Did the Malware Get onto the System?
Introduction
Threat Investigation Example: China Chopper Remote Access Trojan
Wrap-Up
Security Incident Investigation Procedures Practice Quiz
Threat Investigation Example: China Chopper Remote Access Trojan Practice Quiz
Conducting Security Incident Investigations Course Exam
Using a Playbook Model to Organize Security Monitoring
Introduction to Using a Playbook Model to Organize Security Monitoring
Security Analytics
Playbook Definition
What Is in a Play?
Playbook Management System
Wrap-Up
Introduction to Using a Playbook Model to Organize Security Monitoring
Security Analytics
Playbook Definition
What Is in a Play?
Report Identification
Objective
Data Query
Action
Analysis
Reference
Playbook Management System
Wrap-Up
Security Analytics Practice Quiz
Playbook Definition Practice Quiz
What Is in a Play Practice Quiz
Playbook Management System Quiz
Course Exam