Overview
This course will give the introductory-level skills and knowledge needed in this environment and how a Security Operations Centre (SOC) functions. You will learn basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response. Students will also gain knowledge on identifying resources for hunting cyber threats, common attack vectors, malicious activity, and patterns of suspicious behavior.
Course Objectives
After completing this course, students will be able to:
- Describe a typical Security Operation Centre (SOC)
- Use Network Security Monitoring (NSM) tools and data to conduct basic incident analysis within a threat-centric SOC environment
- Identify common external resources used by the analysts to hunt for cybersecurity threats
- Discuss basic events normalization concepts
- Perform basic events correlation
- Identify common attack vectors, malicious activities, and patterns of suspicious behaviors
- Describe the use of a playbook to assist with the incident investigation in a SOC
- Describe the common metrics used to measure the SOC effectiveness
- Describe the use of a workflow automation system to optimize SOC operations
- Describe the components of a typical Incident Response Plan
- Describe the types and the responsibilities of the Computer Security Incident Response Team (CSIRT)
- Discuss the use of VERIS to document security incidents
Prerequisites
- Must have completed CCNA Routing and Switching Course
