- Level Foundation
- Duration 9 hours
- Offered by Cisco Learning and Certifications

About
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how a threat-centric SOC must prepare to analyze new and emerging threats by implementing robust security investigation procedures.

By the end of the course, you will be able to:
- Understand cyber-threat hunting concepts
- Describe the five hunting maturity levels (HM0–HM4)
- Describe the hunting cycle four-stage loop
- Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics
- Describe the CVSS v3.0 scoring components (base, temporal, and environmental)
- Provide an example of CVSS v3.0 scoring
- Describe the use of a hot threat dashboard within a SOC
- Provide examples of publicly available threat awareness resources
- Provide examples of publicly available external threat intelligence sources and feeds
- Describe the use of security intelligence feeds
- Describe threat analytics systems
- Describe online security research tools
- Simulate malicious actions to populate event data in the Security Onion tools for later analysis
- Identify resources for hunting cyber threats

To be successful in this course, you should have the following background:
1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
2. Familiarity with Ethernet and TCP/IP networking
3. Working knowledge of the Windows and Linux operating systems
4. Familiarity with basic network security concepts

Modules
Introduction
1
Discussions
- Learner Introduction
1
Videos
- Introduction to Identifying Resources for Hunting Cyber Threats
1
Readings
- Introduction to Identifying Resources for Hunting Cyber Threats
Cyber-Threat Hunting Concepts
1
Assignment
- Cyber-Threat Hunting Concepts Practice Quiz
1
Videos
- Cyber Threat Hunting Concepts
1
Readings
- Cyber-Threat Hunting Concepts
Hunting Maturity Model
1
Assignment
- Hunting Maturity Model Practice Quiz
1
Videos
- Hunting Maturity Model
1
Readings
- Hunting Maturity Model
Cyber Threat Hunting Cycle
1
Assignment
- Cyber Threat Hunting Cycle Practice Quiz
1
Videos
- Cyber Threat Hunting Cycle
1
Readings
- Cyber Threat Hunting Cycle
Common Vulnerability Scoring System
1
Assignment
- Common Vulnerability Scoring System Practice Quiz
1
Videos
- Common Vulnerability Scoring System
4
Readings
- Common Vulnerability Scoring System
- CVSS v3.0 Base Metrics
- CVSS v3.0 Temporal Metrics
- CVSS v3.0 Environmental Metrics
CVSS v3.0 Scoring
1
Assignment
- Practice Quiz
1
Videos
- CVSS v3.0 Scoring
1
Readings
- CVSS v3.0 Scoring
CVSS v3.0 Example
1
Assignment
- CVSS v3.0 Scoring Practice Quiz
1
Videos
- CVSS v3.0 Example
1
Readings
- CVSS v3.0 Example
Hot Threat Dashboard
1
Assignment
- Hot Threat Dashboard Practice Quiz
1
Videos
- Hot Threat Dashboard
3
Readings
- Hot Threat Dashboard
- Hot Threat Process
- Hot Threat Challenges
Publicly Available Threat Awareness Resources
1
Videos
- Publicly Available Threat Awareness Resources
4
Readings
- Open Web Application Security Project
- Spamhaus Project
- Alexa
- Publicly Available Threat Awareness Resources Practice Quiz
Other External Threat Intelligence Sources and Feeds Reference
1
Readings
- Other External Threat Intelligence Sources and Feeds Reference
Security Intelligence
1
Assignment
- Security Intelligence Practice Quiz
1
Videos
- Security Intelligence
1
Readings
- Security Intelligence
Threat Analytic Systems
1
Assignment
- Threat Analytic Systems Practice Quiz
1
Videos
- Threat Analytic Systems
1
Readings
- Threat Analytic Systems
Security Tools Reference
1
Videos
- Security Tools Reference
1
Readings
- Security Tools Reference
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Identifying Resources for Hunting Cyber Threats Course Exam
Introduction
1
Videos
- Introduction to Understanding Event Correlation and Normalization
1
Readings
- Introduction to Understanding Event Correlation and Normalization
Event Sources
1
Assignment
- Event Sources Practice Quiz
1
Videos
- Event Sources
8
Readings
- Event Sources
- Intrusion Prevention System
- Firewalls
- NetFlow
- Proxy Servers
- Identity and Access Management
- Antivirus
- Application Logs
Evidence
1
Assignment
- Evidence Practice Quiz
1
Videos
- Evidence
1
Readings
- Evidence
Chain of Custody
1
Assignment
- Chain of Custody Practice Quiz
1
Videos
- Chain of Custody
1
Readings
- Chain of Custody
Security Data Normalization
1
Videos
- Security Data Normalization
1
Readings
- Security Data Normalization
Event Correlation
1
Assignment
- Event Correlation Practice Quiz
1
Videos
- Event Correlation
1
Readings
- Event Correlation
Other Security Data Manipulation
1
Assignment
- Other Security Data Manipulation Practice Quiz
1
Videos
- Other Security Data Manipulation
4
Readings
- Other Security Data Manipulation
- Aggregation
- Summarization
- Deduplication
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Understanding Event Correlation and Normalization Course Exam
Introduction
1
Videos
- Introduction to Conducting Security Incident Investigations
1
Readings
- Introduction to Conducting Security Incident Investigations
Security Incident Investigation Procedures
1
Assignment
- Security Incident Investigation Procedures Practice Quiz
1
Videos
- Security Incident Investigation Procedures
7
Readings
- Security Incident Investigation Procedures
- When: When Did the Events Occur?
- Who: What IP/Domain Was Associated with the Malware?
- Where: Where Did the Infection Come From?
- What: What Type of Malware Is on the System?
- Why: What Does the Malware Do and What Is Its Purpose?
- How: How Did the Malware Get onto the System?
Threat Investigation Example: China Chopper Remote Access Trojan
1
Assignment
- Threat Investigation Example: China Chopper Remote Access Trojan Practice Quiz
1
Videos
- Threat Investigation Example: China Chopper Remote Access Trojan
2
Readings
- Introduction
- Threat Investigation Example: China Chopper Remote Access Trojan
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Conducting Security Incident Investigations Course Exam
Introduction
1
Videos
- Introduction to Using a Playbook Model to Organize Security Monitoring
1
Readings
- Introduction to Using a Playbook Model to Organize Security Monitoring
Security Analytics
1
Assignment
- Security Analytics Practice Quiz
1
Videos
- Security Analytics
1
Readings
- Security Analytics
Playbook Definition
1
Assignment
- Playbook Definition Practice Quiz
1
Videos
- Playbook Definition
1
Readings
- Playbook Definition
What Is in a Play?
1
Assignment
- What Is in a Play Practice Quiz
1
Videos
- What Is in a Play?
7
Readings
- What Is in a Play?
- Report Identification
- Objective
- Data Query
- Action
- Analysis
- Reference
Playbook Management System
1
Assignment
- Playbook Management System Quiz
1
Videos
- Playbook Management System
1
Readings
- Playbook Management System
Wrap-Up
1
Videos
- Wrap-Up
1
Readings
- Wrap-Up
Course Exam
1
Assignment
- Course Exam
Auto Summary
"Threat Investigation" is an essential course for associate-level cybersecurity analysts in security operations centers, offered on Coursera by Cisco Learning and Certifications. It focuses on preparing for new and emerging threats through robust investigation procedures. Key topics include cyber-threat hunting, CVSS v3.0, hot threat dashboards, and security intelligence feeds. This nine-hour (540-minute) foundation-level course is ideal for those with a CCNA-level background, TCP/IP networking knowledge, and familiarity with Windows and Linux. Subscription options include Starter and Professional, making it accessible to a variety of learners looking to enhance their cybersecurity skills.