- Level: Foundation
- Duration: 25 hours
- Course by: Google
About
This is the sixth course in the Google Cybersecurity Certificate. These courses will equip you with the skills you need to apply for an entry-level cybersecurity job. You'll build on your understanding of the topics that were introduced in the fifth Google Cybersecurity Certificate course. In this course, you will focus on incident detection and response. You'll define a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. You'll analyze and interpret network communications to detect security incidents, using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, you'll explore the incident investigation and response processes and procedures. Additionally, you'll practice using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) tools. Google employees who currently work in cybersecurity will guide you through videos, provide hands-on activities and examples that simulate common cybersecurity tasks, and help you build your skills to prepare for jobs. Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.

By the end of this course, you will:
- Explain the lifecycle of an incident.
- Describe the tools used in documentation, detection, and management of incidents.
- Analyze packets to interpret network communications.
- Perform artifact investigations to analyze and verify security incidents.
- Identify the steps to contain, eradicate, and recover from an incident.
- Determine how to read and analyze logs during incident investigation.
- Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools.
- Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.

Modules
Get started with the course
Videos (2)
- Introduction to Course 6
- Dave: Grow your cybersecurity career with mentors
Readings (2)
- Course 6 overview
- Helpful resources and tips

The incident response lifecycle
Videos (2)
- Welcome to module 1
- Introduction to the incident response lifecycle
Readings (1)
- Portfolio Activity Exemplar: Document an incident with an incident handler's journal
Quiz (2)
- Portfolio Activity: Document an incident with an incident handler's journal
- Test your knowledge: The incident response lifecycle

Incident response operations
Videos (3)
- Incident response teams
- Fatima: The importance of communication during incident response
- Incident response plans
Readings (1)
- Roles in response
Quiz (1)
- Test your knowledge: Incident response operations

Incident response tools
Videos (4)
- Incident response tools
- The value of documentation
- Intrusion detection systems
- Alert and event management with SIEM and SOAR tools
Readings (2)
- Overview of detection tools
- Overview of SIEM technology
Quiz (2)
- Test your knowledge: Detection and documentation tools
- Test your knowledge: Management tools

Review: Introduction to detection and incident response
Videos (1)
- Wrap-up
Readings (1)
- Glossary terms from module 1
Quiz (1)
- Module 1 challenge

Understand network traffic
Videos (4)
- Welcome to module 2
- Casey: Apply soft skills in cybersecurity
- The importance of network traffic flows
- Data exfiltration attacks
Readings (1)
- Maintain awareness with network monitoring
Quiz (1)
- Test your knowledge: Understand network traffic

Capture and view network traffic
External Tool (2)
- Activity: Analyze your first packet
- Optional Exemplar: Analyze your first packet
Videos (3)
- Packets and packet captures
- Interpret network communications with packets
- Reexamine the fields of a packet header
Readings (4)
- Learn more about packet captures
- Investigate packet details
- Resources for completing labs
- Lab tips and troubleshooting steps
Quiz (1)
- Test your knowledge: Capture and view network traffic

Packet inspection
External Tool (2)
- Activity: Capture your first packet
- Optional Exemplar: Capture your first packet
Videos (1)
- Packet captures with tcpdump
Readings (2)
- Overview of tcpdump
- Activity Exemplar: Research network protocol analyzers
Quiz (2)
- Test your knowledge: Packet inspection
- Activity: Research network protocol analyzers

Review: Network monitoring and analysis
Videos (1)
- Wrap-up
Readings (1)
- Glossary terms from module 2
Quiz (1)
- Module 2 challenge

Incident detection and verification
Videos (3)
- Welcome to module 3
- The detection and analysis phase of the lifecycle
- MK: Changes in the cybersecurity industry
Readings (4)
- Cybersecurity incident detection methods
- Indicators of compromise
- Analyze indicators of compromise with investigative tools
- Activity Exemplar: Investigate a suspicious file hash
Quiz (2)
- Activity: Investigate a suspicious file hash
- Test your knowledge: Incident detection and verification

Create and use documentation
Videos (3)
- The benefits of documentation
- Document evidence with chain of custody forms
- The value of cybersecurity playbooks
Readings (2)
- Best practices for effective documentation
- Activity Exemplar: Use a playbook to respond to a phishing incident
Quiz (1)
- Activity: Use a playbook to respond to a phishing incident

Response and recovery
Videos (3)
- The role of triage in incident response
- Robin: Foster cross-team collaboration
- The containment, eradication, and recovery phase of the lifecycle
Readings (2)
- The triage process
- Business continuity considerations
Quiz (1)
- Test your knowledge: Response and recovery

Post-incident actions
Videos (1)
- The post-incident activity phase of the lifecycle
Readings (1)
- Post-incident review
Quiz (2)
- Activity: Review a final report
- Test your knowledge: Post-incident actions

Review: Incident investigation and response
Videos (1)
- Wrap-up
Readings (1)
- Glossary terms from module 3
Quiz (1)
- Module 3 challenge

Overview of logs
Videos (4)
- Welcome to module 4
- The importance of logs
- Rebecca: Learn new tools and technologies
- Variations of logs
Readings (2)
- Best practices for log collection and management
- Overview of log file formats
Quiz (2)
- Test your knowledge: Overview of logs
- Test your knowledge: Log components and formats

Overview of intrusion detection systems (IDS)
External Tool (2)
- Activity: Explore signatures and logs with Suricata
- Optional Exemplar: Explore signatures and logs with Suricata
Videos (5)
- Security monitoring with detection tools
- Grace: Security mindset in detection and response
- Components of a detection signature
- Examine signatures with Suricata
- Examine Suricata logs
Readings (2)
- Detection tools and techniques
- Overview of Suricata
Quiz (1)
- Test your knowledge: Overview of intrusion detection systems (IDS)

Overview of security information event management (SIEM) tools
Videos (3)
- Reexamine SIEM tools
- Query for events with Splunk
- Query for events with Chronicle
Readings (3)
- Log sources and log ingestion
- Search methods with SIEM tools
- Follow-along guide for Splunk sign-up
Quiz (3)
- Activity: Perform a query with Splunk
- Activity: Perform a query with Chronicle
- Test your knowledge: Overview of SIEM tools

Review: Network traffic and logs using IDS and SIEM tools
Videos (1)
- Wrap-up
Readings (2)
- Glossary terms from module 4
- Portfolio Activity Exemplar: Finalize your incident handler's journal
Quiz (2)
- Module 4 challenge
- Portfolio Activity: Finalize your incident handler's journal

Congratulations on completing Course 6!
Videos (1)
- Course wrap-up
Readings (3)
- Reflect and connect with peers
- Course 6 glossary
- Get started on the next course
Auto Summary
"Sound the Alarm: Detection and Response" is the sixth course in the Google Cybersecurity Certificate, designed to prepare you for entry-level cybersecurity roles. Led by Google cybersecurity experts, this IT & Computer Science course delves into incident detection and response, teaching you to analyze network traffic, use IDS and SIEM tools, and manage security incidents. With no prior experience needed, the course offers hands-on activities over 1500 hours and is available via Coursera's Starter and Professional subscriptions. Ideal for aspiring cybersecurity professionals.

Google Career Certificates