Quién debería asistir:

Individuals interested in a career in cybersecurity,or looking to understand more about cybersecurity operations, or working towards their CCNA Cyber OPs certification.

Pre-requisitos

Attendees should ideally meet the following prerequsites:

• • • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)

• • • Skills and knowledge equivalent to those learned in Security Fundamentals (SECFND)

• • • Working knowledge of the Windows operating system

• • • Working knowledge of Cisco IOS networking and concepts

Objetivos del curso

After completing this course you should be able to:

• • • Define a SOC and the various job roles in a SOC

• • • Understand SOC infrastructure tools and systems

• • • Learn basic incident analysis for a threat centric SOC

• • • Explore resources available to assist with an investigation

• • • Explain basic event correlation and normalization

• • • Describe common attack vectors

• • • Learn how to identifying malicious activity

• • • Understand the concept of a playbook

• • • Describe and explain an incident respond handbook

• • • Define types of SOC Metrics

• • • Understand SOC Workflow Management system and automation

Contenido del curso

SOC Overview

• • • Defining the Security Operations Center

• • • Understanding NSM Tools and Data

• • • Understanding Incident Analysis in a Threat-Centric SOC

• • • Identifying Resources for Hunting Cyber Threats

Security Incident Investigations

• • • Understanding Event Correlation and Normalization

• • • Identifying Common Attack Vectors

• • • Identifying Malicious Activity

• • • Identifying Patterns of Susupicious Behavior

• • • Conducting Security Incident Investigations

SOC Operations

• • • Describing the SOC Playbook

• • • Understanding the SOC Metrics

• • • Understanding the SOC WMS and Automation

• • • Describing the Incident Response Plan

• • • Appendix A – Describing the Computer Security Incident Response Team

• • • Appendix B – Understanding the use of VERIS

Labs

• • • Guided Lab 1: Explore Network Security Monitoring Tools

• • • Discovery 1: Investigate Hacker Methodology

• • • Discovery 2: Hunt Malicious Traffic

• • • Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack

• • • Discovery 4: Investigate Browser-Based Attacks

• • • Discovery 5: Analyze Suspicious DNS Activity

• • • Discovery 6: Investigate Suspicious Activity Using Security Onion

• • • Discovery 7: Investigate Advanced Persistent Threats

• • • Discovery 8: Explore SOC Playbooks

Examen

210-255 – SECOPS

Duración del curso: 5 días

Precio: A consultar

Cisco Learning Credit: A consultar