If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you describe event correlation and normalization. By the end of the course, you will be able to: • Describe network security monitoring event sources (IPS, Firewall, NetFlow, Proxy Server, IAM, AV, and application logs)• Describe direct evidence and circumstantial evidence • Describe chain of custody for all evidence and interacting with law enforcement • Describe an example of security data normalization • Provide an example of security events correlation • Explain the basic concepts of security data aggregation, summarization, and deduplication • Use the Security Onion Sguil and ELSA applications as the SIEM platform to monitor the network for peculiarities and start an investigation. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will explain how to conduct security incident investigations. By the end of the course, you will be able to: • Explain the objective of security incident investigation: Discover the who, what, when, where, why, and how of the incident • Describe the China Chopper Remote Access Trojan • Identify network traffic that was created by an advanced persistent threat (APT). To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand how to use a playbook model to organize security monitoring. By the end of the course, you will be able to: • Describe the security analytics process • Describe the use of a playbook in a SOC • Describe the components of a play in a typical SOC playbook • Describe the use of a playbook management system in the SOC • Explore SOC playbooks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.