If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures • By the end of the course, you will be able to: • Understand cyber-threat hunting concepts • Describe the five hunting maturity levels (HM0–HM4) • Describe the hunting cycle four-stage loop• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics• Describe the CVSS v3.0 scoring components (base, temporal, and environmental) • Provide an example of CVSS v3.0 scoring • Describe the use of a hot threat dashboard within a SOC • Provide examples of publicly available threat awareness resources • Provide examples of publicly available external threat intelligence sources and feeds• Describe the use of security intelligence feed • Describe threat analytics systems • Describe online security research tools • Simulate malicious actions to populate the event data on the Security Onion tools for later analysis • Identify resources for hunting cyber threats. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
Offrez à votre carrière le cadeau de Coursera Plus avec $160 de réduction, facturé annuellement. Économisez aujourd’hui.
Threat Investigation
Ce cours fait partie de Spécialisation Cybersecurity Operations Fundamentals
Instructeur : Cisco Learning & Certifications
2 623 déjà inscrits
Inclus avec 
(23 avis)
Détails à connaître
Ajouter à votre profil LinkedIn
24 devoirs
Découvrez comment les employés des entreprises prestigieuses maîtrisent des compétences recherchées
Élaborez votre expertise du sujet
- Apprenez de nouveaux concepts auprès d'experts du secteur
- Acquérez une compréhension de base d'un sujet ou d'un outil
- Développez des compétences professionnelles avec des projets pratiques
- Obtenez un certificat professionnel partageable
Obtenez un certificat professionnel
Ajoutez cette qualification à votre profil LinkedIn ou à votre CV
Partagez-le sur les réseaux sociaux et dans votre évaluation de performance
Il y a 4 modules dans ce cours
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how threat-centric SOC must prepare for analyzing new and emerging threats by implementing robust security investigation procedures • By the end of the course, you will be able to: • Understand cyber-threat hunting concepts • Describe the five hunting maturity levels (HM0–HM4) • Describe the hunting cycle four-stage loop• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics• Describe the CVSS v3.0 scoring components (base, temporal, and environmental) • Provide an example of CVSS v3.0 scoring • Describe the use of a hot threat dashboard within a SOC • Provide examples of publicly available threat awareness resources • Provide examples of publicly available external threat intelligence sources and feeds• Describe the use of security intelligence feed • Describe threat analytics systems • Describe online security research tools • Simulate malicious actions to populate the event data on the Security Onion tools for later analysis • Identify resources for hunting cyber threats. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
Inclus
13 vidéos22 lectures10 devoirs1 sujet de discussion
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you describe event correlation and normalization. By the end of the course, you will be able to: • Describe network security monitoring event sources (IPS, Firewall, NetFlow, Proxy Server, IAM, AV, and application logs)• Describe direct evidence and circumstantial evidence • Describe chain of custody for all evidence and interacting with law enforcement • Describe an example of security data normalization • Provide an example of security events correlation • Explain the basic concepts of security data aggregation, summarization, and deduplication • Use the Security Onion Sguil and ELSA applications as the SIEM platform to monitor the network for peculiarities and start an investigation. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
Inclus
8 vidéos18 lectures6 devoirs
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will explain how to conduct security incident investigations. By the end of the course, you will be able to: • Explain the objective of security incident investigation: Discover the who, what, when, where, why, and how of the incident • Describe the China Chopper Remote Access Trojan • Identify network traffic that was created by an advanced persistent threat (APT). To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
Inclus
4 vidéos11 lectures3 devoirs
If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how to use a playbook model to organize security monitoring. By the end of the course, you will be able to: • Describe the security analytics process • Describe the use of a playbook in a SOC • Describe the components of a play in a typical SOC playbook • Describe the use of a playbook management system in the SOC • Explore SOC playbooks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.
Inclus
6 vidéos12 lectures5 devoirs
Instructeur
Offert par
Recommandé si vous êtes intéressé(e) par Security
Erasmus University Rotterdam
Johns Hopkins University
Pour quelles raisons les étudiants sur Coursera nous choisissent-ils pour leur carrière ?
Avis des étudiants
Affichage de 3 sur 23
23 avis
- 5 stars
95,65 %
- 4 stars
4,34 %
- 3 stars
0 %
- 2 stars
0 %
- 1 star
0 %
Ouvrez de nouvelles portes avec Coursera Plus
Accès illimité à plus de 7 000 cours de renommée internationale, à des projets pratiques et à des programmes de certificats reconnus sur le marché du travail, tous inclus dans votre abonnement
Faites progresser votre carrière avec un diplôme en ligne
Obtenez un diplôme auprès d’universités de renommée mondiale - 100 % en ligne
Rejoignez plus de 3 400 entreprises mondiales qui ont choisi Coursera pour les affaires
Améliorez les compétences de vos employés pour exceller dans l’économie numérique
Foire Aux Questions
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.