Hands-on Threat Detection and Hunt
This four day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Cybersecurity topics such as network monitoring, intrusion detection, enterprise desktop response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems, which will be leveraged throughout the course. Instruction will consist of cybersecurity tool demonstrations, individual labs, and team-based exercises modeled from real-world threat scenarios.
As part of an internal security team, you will use a set of already deployed cybersecurity tools to detect malicious activity on your network. A series of quizzes and automated checks will be used to prompt your investigation and evaluate your understanding of the ongoing events. Three team-based scenarios will be used along with several individual hands-on exercises to build critical cyber skills.
Technical staff members who manage or support networked information systems and have
- two years of practical experience with networked systems or equivalent training/education
- some degree of familiarity with the ISO/OSI 7-layered reference model as well as TCP/IP, and major network operating systems such as Windows and Linux
This course will help participants to
- Identify and react to real-world cybersecurity threats in a controlled, safe learning environment
- Analyze real-time network activities using Intrusion Detection Systems, Network Packet Captures, Connection Logs, and other monitoring tools
- Hunt for digital artifacts given a set of questions
- Interrogate Windows and Linux systems for Indicators of Compromise (IOCs)
- Adapt knowledge and skills to a diverse set of cybersecurity tools
- Collaborate with immediate and extended Incident Response team members
- Network and System Monitoring
- Intrusion Detection Systems
- Event Collection, Analysis, and Correlation
- Digital Investigation (aka Forensics) Best Practices
- Volatile and Persistent System Data Analysis
- Common Cyber Attacks and Preventive Measures
Participants will receive course handouts with lectures and lab manuals.
This course has no prerequisites.
Training courses provided by the SEI are not academic courses for academic credit toward a degree. Any certificates provided are evidence of the completion of the courses and are not official academic credentials. For more information about SEI training courses, see Registration Terms and Conditions and Confidentiality of Course Records.