Cisco Learning & Certifications

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to:


• Use the classic kill chain model to perform network security incident analysis
• Describe the reconnaissance phase of the classic kill chain model
• Describe the weaponization phase of the classic kill chain model
• Describe the delivery phase of the classic kill chain model
• Describe the exploitation phase of the classic kill chain model
• Describe the installation phase of the classic kill chain model
• Describe the command-and-control phase of the classic kill chain model
• Describe the actions on objectives phase of the classic kill chain model
• Describe how the kill chain model can be applied to detect and prevent ransomware
• Describe using the diamond model to perform network security incident analysis
• Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect
• Describe the MITRE ATT&CK framework and its use
• Walk through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution
• Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.

To be successful in this course, you should have the following background:

1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
2. Familiarity with Ethernet and TCP/IP networking
3. Working knowledge of the Windows and Linux operating systems
4. Familiarity with the basics of network security concepts.

Syllabus

Understanding Incident Analysis in a Threat-Centric SOC
Identifying Common Attack Vectors
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand common attack vectors. By the end of the course, you will be able to:
• Identify the common attack vectors
• Explain DNS terminology and operations
• Describe the automated discovery and registration process of the client public IP addresses via DDNS
• Describe the process of recursive DNS queries
• Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic
• Describe the use and operation of HTTPS traffic
• Describe the use and operation of HTTP/2 and streams
• Describe how SQL is used to query, operate, and administer relational database management systems, and how to recognize SQL-based attacks
• Describe how the mail delivery process works, and SMTP conversations
• Describe how web scripting can be used to deliver malware
• Explain the use of obfuscated JavaScript by threat actors
• Explain the use of shellcode and exploits by threat actors
• Understand the three basic types of payloads within the Metasploit framework (single, stager, and stage)
• Explain the use of directory traversal by threat actors
• Explain the basic concepts of SQL injection attacks
• Explain the basic concepts of cross-site scripting attacks
• Explain the use of Punycode by threat actors
• Explain the use of DNS tunneling by threat actors
• Explain the use of pivoting by threat actors
• Describe website redirection with HTTP 302 cushioning
• Describe how attackers can gain access via web-based attacks
• Understand how threat actors use exploit kits
• Describe the Emotet APT
• Play the role of both attacker, to simulate attacks, and analyst, to analyze the attacks.
Identifying Malicious Activity
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you identify malicious activity. By the end of the course, you will be able to:
• Explain why security analysts need to understand the network design that they are protecting
• Understand the role of the design of the network that you are protecting
• Define the different threat actor types
• Provide an example of a log data search using ELSA
• Explore logging functionality in the context of Linux systems
• Describe how the Windows Event Viewer is used to browse and manage event logs
• Describe the context of a security incident in firewall syslog messages
• Describe the need for network DNS activity log analysis
• Describe web proxy log analysis for investigating web-based attacks
• Describe email proxy log analysis for investigating email-based attacks
• Describe AAA server log analysis
• Describe NGFW log analysis for incident investigation
• Describe application log analysis for detecting application misuse
• Describe the use of NetFlow for collecting and monitoring network traffic flow data
• Explain the use of NetFlow as a security tool
• Describe network behavior anomaly monitoring for detecting deviations from normal patterns
• Describe using NetFlow for data loss detection
• Explain how DNS can be used by threat actors to perform attacks
• Describe intrusion prevention system evasion techniques
• Explain the Onion Router network and how to detect Tor network traffic
• Describe gaining access and control in the context of endpoint attacks
• Describe peer-to-peer file sharing and its risks
• Describe encapsulation techniques, including DNS tunneling
• Explain how to prevent attackers from modifying a device's software image
• Explore how attackers leverage DNS in their attacks
• Analyze data for the investigation of a security event.
Identifying Patterns of Suspicious Behavior
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you identify patterns of suspicious behavior. By the end of the course, you will be able to:
• Explain the purpose of baselining network activities
• Explain how to use the established baseline to identify anomalies and suspicious behaviors
• Explain the basic concepts of performing PCAP analysis
• Explain the use of a sandbox to perform file analysis
• Investigate suspicious activity using the tools within Security Onion.

Good to know

• Helps learners understand Incident Analysis in a Threat-Centric SOC
• Suitable for associate-level cybersecurity analysts working in security operation centers
• Develops skills in using the classic kill chain model and the diamond model for incident investigations
• Emphasizes the use of exploit kits by threat actors
• Provides hands-on experience through the Security Onion Linux distribution
• Teaches identification of malicious activity in various contexts, such as network design, firewalls, and email


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Threat Analysis with these activities:
Review networking concepts
Brush up on networking fundamentals to build a stronger foundation for the course materials.
  • Revisit basic networking concepts like IP addressing, subnetting, and routing.
  • Review the different layers of the TCP/IP model.
  • Practice configuring network devices like routers and switches.
Review CCNA security concepts
Strengthen your foundational knowledge of CCNA security concepts by seeking out and following video or text-based tutorials.
  • Identify reputable sources for CCNA security tutorials.
  • Set aside dedicated time for reviewing CCNA security concepts.
  • Take notes and revisit the tutorials as needed.
Review "Network Security Assessment: Know Your Network" by Chris Brenton
Build a solid understanding of network security assessment techniques.
  • Read chapters 1-3 to understand the basics of network security assessment.
  • Complete the exercises in chapter 4 to practice identifying network vulnerabilities.
Follow SANS Institute tutorials on network security assessment tools and techniques
Explore industry-leading resources to enhance your understanding of network security assessment techniques and tools.
  • Visit the SANS Institute website and browse the available tutorials.
  • Select a tutorial that aligns with your interests and skill level.
  • Follow the tutorial instructions and complete the exercises.
Participate in online forums and discussions on network security assessment
Engage with peers and experts to exchange knowledge, insights, and best practices in network security assessment.
  • Join online forums and discussion groups dedicated to network security assessment.
  • Read through existing discussions and threads.
  • Actively participate in discussions by asking questions, sharing knowledge, and providing feedback to others.
Become a mentor to junior cybersecurity analysts
Share your knowledge and experience with aspiring cybersecurity professionals and help them develop their skills.
  • Identify opportunities to mentor junior analysts within your organization or through industry groups.
  • Provide guidance and support on technical issues, career development, and best practices.
  • Create and deliver training materials or workshops to enhance their skills.
Conduct practice network security assessments
Enhance your practical skills through hands-on practice in conducting network security assessments.
  • Set up a lab environment for practicing network security assessments.
  • Use network security assessment tools to scan and identify vulnerabilities.
  • Analyze the assessment results and develop recommendations for mitigating the vulnerabilities.
Design a network security architecture diagram
Develop a visual representation of a network security architecture, demonstrating your understanding of network security concepts.
  • Identify the components of the network security architecture.
  • Determine the relationships between the components.
  • Create a diagram that visually represents the architecture.
Analyze network traffic using Wireshark
Gain hands-on experience analyzing network traffic to identify anomalies and security threats.
  • Install and configure Wireshark on your computer.
  • Capture network traffic using Wireshark.
  • Analyze captured traffic to identify common attack patterns.
Create a network security assessment plan
Develop a comprehensive plan for assessing the security of a real-world network.
  • Define the scope and objectives of the assessment.
  • Identify the assets to be assessed.
  • Select the assessment tools and techniques to be used.
  • Develop a timeline and budget for the assessment.
Write a report on a network security assessment
Develop a comprehensive report that clearly communicates the findings of a network security assessment.
  • Gather the assessment data.
  • Analyze the data and identify the vulnerabilities.
  • Develop recommendations for mitigating the vulnerabilities.
  • Write the report in a clear and concise manner.
Create a security incident response plan
Develop a comprehensive plan for responding to security incidents effectively and efficiently.
  • Identify potential security threats and vulnerabilities.
  • Define roles and responsibilities for incident response.
  • Establish procedures for detecting, containing, and mitigating security incidents.
Develop a threat intelligence report on a specific industry sector
Conduct a thorough analysis of threats facing a specific industry sector and present your findings in a comprehensive report.
  • Identify and research the target industry sector.
  • Gather and analyze data on security threats, vulnerabilities, and attack trends.
  • Develop recommendations for mitigating identified risks and improving security posture.
Build a lab environment for security analysis
Create a hands-on environment to practice security analysis techniques and test security controls.
  • Choose and install appropriate software tools for security analysis.
  • Configure network and security settings to create a realistic testing environment.
  • Deploy vulnerable systems and applications to simulate real-world attack scenarios.
  • Install security monitoring and detection tools to monitor the lab environment.
Participate in cybersecurity capture the flag (CTF) events
Engage in CTF competitions to test your security analysis skills and learn from other cybersecurity professionals.
  • Identify and register for relevant CTF events.
  • Collaborate with a team to solve security challenges.
  • Analyze and exploit vulnerabilities in simulated environments.
Attend a SANS Incident Handler (GCIH) training course
Enhance your incident response skills by attending a SANS GCIH training course led by experienced cybersecurity professionals.
  • Register for and attend the SANS GCIH training course.
  • Actively participate in hands-on exercises and discussions.
  • Obtain certification upon successful completion of the course.

Career center

Learners who complete Threat Analysis will develop knowledge and skills that may be useful to these careers:
Security Analyst
A Security Analyst is responsible for monitoring and analyzing security logs and alerts to detect and respond to security incidents. This course helps build a foundation for success in this role by providing an understanding of how to identify common attack vectors, such as DNS tunneling, pivoting, and web-based attacks. Additionally, the course covers how to identify malicious activity, such as intrusion prevention system evasion techniques and endpoint attacks.
Cybersecurity Analyst
A Cybersecurity Analyst helps to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. For this reason, they must have an understanding of the threats that exist to network security and how to detect irregular activity. This course helps to build that foundation by providing an understanding of threat analysis models, such as the kill chain model and the diamond model. By understanding these models, a Cybersecurity Analyst is prepared to analyze incidents to determine the scope and impact of an attack.
Security Consultant
A Security Consultant provides advice and guidance to organizations on how to improve their security posture. To be successful in this role, it is important to have a deep understanding of the threat landscape and how to implement effective security measures. This course helps build that understanding by covering topics such as identifying patterns of suspicious behavior, using network traffic analysis to detect anomalies, and understanding the MITRE ATT&CK framework.
Ethical Hacker
An Ethical Hacker is a security professional who is hired to test the security of an organization's systems and networks. To be successful in this role, it is important to have a strong understanding of the latest hacking techniques and how to exploit vulnerabilities. This course helps build that foundation by providing an understanding of the kill chain model and how threat actors use exploit kits.
Malware Analyst
A Malware Analyst is responsible for analyzing and studying malware to understand its behavior and impact. To be successful in this role, it is important to have a strong understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing malware samples.
Security Architect
A Security Architect is responsible for designing and implementing an organization's security strategy. To be successful in this role, it is important to have a deep understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Chief Information Security Officer (CISO)
A Chief Information Security Officer (CISO) is responsible for overseeing an organization's entire security program. To be successful in this role, it is important to have a deep understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Security Manager
A Security Manager is responsible for overseeing an organization's security program. To be successful in this role, it is important to have a deep understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Information Security Auditor
An Information Security Auditor is responsible for assessing an organization's security posture. To be successful in this role, it is important to have a strong understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Software Security Engineer
A Software Security Engineer is responsible for designing, implementing, and testing secure software applications. To be successful in this role, it is important to have a strong understanding of software security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing software code.
Information Security Analyst
An Information Security Analyst is responsible for protecting an organization's information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. To be successful in this role, it is important to have a strong understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Network Security Specialist
A Network Security Specialist is responsible for protecting an organization's network from unauthorized access, use, disclosure, disruption, modification, or destruction. To be successful in this role, it is important to have a strong understanding of network security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing network traffic.
Security Engineer
A Security Engineer is responsible for designing, implementing, and maintaining security systems and networks. To be successful in this role, it is important to have a deep understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Incident Responder
An Incident Responder is responsible for responding to security incidents and restoring normal operations. To be successful in this role, it is important to have a strong understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.
Penetration Tester
A Penetration Tester is responsible for testing the security of an organization's systems and networks. To be successful in this role, it is important to have a strong understanding of security principles and best practices. This course may be useful for building that foundation by covering topics such as identifying common attack vectors, understanding the kill chain model, and analyzing security logs.

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Threat Analysis.
A practical guide to malware analysis. It covers everything from malware collection and analysis to reverse engineering and remediation. It is a valuable resource for anyone working in cybersecurity.
A practical guide to using Metasploit, a powerful open source penetration testing framework. It covers everything from installation and configuration to using Metasploit to exploit vulnerabilities. It is a valuable resource for anyone working in cybersecurity.
This is a great book for understanding the early days of computer security, when Stoll was tasked with finding out who was breaking into and damaging his systems in 1986. It is an enduring classic that provides foundational knowledge for any cybersecurity professional.
A practical guide to network security. It covers a wide range of topics, including network security assessment, intrusion detection, and incident response. It is a valuable resource for anyone working in cybersecurity.
Provides a comprehensive overview of network security assessment. It covers a wide range of topics, including network security scanning, vulnerability assessment, and penetration testing. It is a valuable resource for anyone working in cybersecurity.
A fascinating look at the art of deception and how it can be used to compromise security systems. It is a must-read for anyone working in cybersecurity.

© 2016 - 2024 OpenCourser