Cisco Learning & Certifications

If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how a threat-centric SOC must prepare to analyze new and emerging threats by implementing robust security investigation procedures.

By the end of the course, you will be able to:
  • Understand cyber-threat hunting concepts
  • Describe the five hunting maturity levels (HM0–HM4)
  • Describe the four-stage hunting cycle loop
  • Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics
  • Describe the CVSS v3.0 scoring components (base, temporal, and environmental)
  • Provide an example of CVSS v3.0 scoring
  • Describe the use of a hot threat dashboard within a SOC
  • Provide examples of publicly available threat awareness resources
  • Provide examples of publicly available external threat intelligence sources and feeds
  • Describe the use of security intelligence feeds
  • Describe threat analytics systems
  • Describe online security research tools
  • Simulate malicious actions to populate the event data on the Security Onion tools for later analysis
  • Identify resources for hunting cyber threats

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts


What's inside

Syllabus

Identifying Resources for Hunting Cyber Threats
Understanding Event Correlation and Normalization
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you describe event correlation and normalization.

By the end of the course, you will be able to:
  • Describe network security monitoring event sources (IPS, firewall, NetFlow, proxy server, IAM, AV, and application logs)
  • Describe direct evidence and circumstantial evidence
  • Describe chain of custody for all evidence and interacting with law enforcement
  • Describe an example of security data normalization
  • Provide an example of security event correlation
  • Explain the basic concepts of security data aggregation, summarization, and deduplication
  • Use the Security Onion Sguil and ELSA applications as the SIEM platform to monitor the network for peculiarities and start an investigation

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts
Conducting Security Incident Investigations
If you are an associate-level cybersecurity analyst working in a security operations center, this course will explain how to conduct security incident investigations.

By the end of the course, you will be able to:
  • Explain the objective of a security incident investigation: discover the who, what, when, where, why, and how of the incident
  • Describe the China Chopper Remote Access Trojan
  • Identify network traffic that was created by an advanced persistent threat (APT)

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts
Using a Playbook Model to Organize Security Monitoring
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how to use a playbook model to organize security monitoring.

By the end of the course, you will be able to:
  • Describe the security analytics process
  • Describe the use of a playbook in a SOC
  • Describe the components of a play in a typical SOC playbook
  • Describe the use of a playbook management system in the SOC
  • Explore SOC playbooks

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts

Good to know

Know what's good, what to watch for, and possible dealbreakers:
  • Builds a strong foundation for beginners in threat hunting analysis and investigation
  • Explores industry-standard practices and techniques for threat hunting, making it highly relevant in the field
  • Taught by Cisco Learning & Certifications, recognized for their work in networking and cybersecurity
  • Covers unique perspectives and ideas that may add color to other cybersecurity topics
  • Requires working knowledge of the Windows and Linux operating systems, which may be a barrier for some learners
  • Assumes learners are familiar with the basics of network security concepts, so it may not suit absolute beginners

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Threat Investigation with these activities:
Security Practice Drills
Establish the foundation for security incident investigations.
  • Identify and understand basic security techniques used in network security monitoring.
  • Practice identifying evidence of a security incident.
  • Develop skills in correlating and normalizing security events.
  • Prepare for advanced persistent threat (APT) analysis.
Cybersecurity Playbook Development
Enhance your understanding of playbook development and incident response.
  • Create a cybersecurity playbook for your organization.
  • Identify the incident response procedures for your organization.
  • Develop a plan for testing and maintaining the playbook.
SOC Program Design
Enhance understanding of SOC operations and threat hunting strategies.
  • Attend a workshop on SOC program design.
  • Learn about different types of SOCs and their functions.
  • Develop a plan for implementing a SOC program.
  • Identify and evaluate threat hunting tools and techniques.
Open-Source Threat Intelligence Analysis
Gain experience in gathering and analyzing threat intelligence from open sources.
  • Identify and utilize reputable open-source threat intelligence feeds.
  • Develop a process for collecting, filtering, and analyzing threat intelligence data.
  • Share and collaborate on threat intelligence findings with the community.

Career center

Learners who complete Threat Investigation will develop knowledge and skills that may be useful to these careers:
Threat Hunter
Threat Hunters proactively search for and identify threats to an organization's security. This course may be useful in preparing you for this role by teaching you about threat hunting concepts, security intelligence feeds, and online security research tools.
Chief Information Security Officer (CISO)
CISOs are responsible for the overall security of an organization's information systems. This course may be useful in preparing you for this role by teaching you about threat hunting, risk management, and security analytics.
Cybersecurity Engineer
Cybersecurity Engineers design, implement, and maintain security measures to protect an organization's networks and computer systems. This course may be useful by teaching you about network security monitoring, event correlation, and security incident investigations.
Security Engineer
Security Engineers design, implement, and maintain security controls to protect an organization's networks and computer systems. This course may be useful in preparing you for this role by teaching you about network security monitoring, event correlation, and security incident investigations.
Security Architect
Security Architects design and implement security solutions for an organization's computer systems and networks. This course may be useful by teaching you about threat hunting, risk management, and security analytics.
SOC Analyst
SOC Analysts monitor an organization's security systems for suspicious activity and investigate security incidents. This course may help prepare you for this role by teaching you about threat hunting, CVSS scoring, and security analytics.
Security Operations Manager
Security Operations Managers oversee the day-to-day operations of an organization's security program. This course may be useful by teaching you about threat hunting, risk management, and security incident investigations.
Information Security Analyst
Information Security Analysts design, implement, and manage security measures to protect an organization's information systems. This course may help you prepare for this role by teaching you about threat hunting, CVSS scoring, and security analytics.
Information Security Manager
Information Security Managers oversee the development and implementation of an organization's information security program. This course may be useful by teaching you about threat hunting, risk management, and security incident investigations.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their security posture. This course may be useful in preparing you for this role by teaching you about threat hunting, risk management, and security incident investigations.
Digital Forensic Analyst
Digital Forensic Analysts investigate computer systems and networks to find evidence of criminal activity. This course may be useful in preparing you for this role by teaching you about event correlation, security incident investigations, and online security research tools.
Cybersecurity Analyst
Cybersecurity Analysts plan and implement security measures to protect an organization's computer systems and networks. This course may help prepare you for this role by teaching you about network security monitoring, event correlation, and security incident investigations.
Threat Intelligence Analyst
Threat Intelligence Analysts research and analyze potential threats to an organization's security. They also provide recommendations on how to mitigate these threats. By teaching you about threat-centric SOCs and threat intelligence feeds, this course may be useful in preparing you for this role.
Security Analyst
Security Analysts monitor networks for suspicious activity and investigate security breaches. This course may be useful in preparing you for this career by teaching you about threat hunting concepts, security intelligence feeds, and online security research tools.
Incident Responder
Incident Responders track down the source of security breaches after a network has already been compromised. They also take action to prevent further damage. This course may help prepare you for this role by teaching you how to identify and investigate security incidents.

Reading list

We've selected seven books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Threat Investigation.
  • Provides a practical guide to malware analysis. It covers the fundamentals of this discipline, as well as more advanced topics such as reverse engineering and threat hunting.
  • Comprehensive guide to Wireshark, a free and open source network protocol analyzer. It covers the fundamentals of network analysis, as well as more advanced topics such as traffic filtering and malware detection.
  • Provides a hands-on approach to network security assessment. It covers the fundamentals of this discipline, as well as more advanced topics such as vulnerability assessment and penetration testing.
  • Provides a practical guide to information security policy development. It covers the fundamentals of this discipline, as well as more advanced topics such as risk assessment and compliance.
  • Comprehensive study guide for the CompTIA Security+ certification exam. It covers the fundamentals of security, as well as more advanced topics such as risk assessment and incident response.
  • Comprehensive study guide for the CEH Certified Ethical Hacker certification exam. It covers the fundamentals of ethical hacking, as well as more advanced topics such as penetration testing and vulnerability assessment.
  • Comprehensive study guide for the CISSP (ISC)2 Certified Information Systems Security Professional certification exam. It covers the fundamentals of security, as well as more advanced topics such as risk assessment and incident response.

Similar courses

Here are nine courses similar to Threat Investigation.
  • Threat Hunt with IBM Security QRadar
  • Cybersecurity Threat Vectors and Mitigation
  • Advanced Threat Hunting and Incident Response
  • Requirements, Planning, Direction, and Review (C|TIA Prep)
  • IT Security Champion: Cyber Threat Intel and Emerging...
  • Cyber Threats and Kill Chain Methodology (C|TIA Prep)
  • Monitor and Detect with IBM Security QRadar
  • Cyber Threat Intelligence
  • Threat Hunting: Hypothesize and Plan
© 2016 - 2024 OpenCourser