Implementing Cisco Cybersecurity Operations

5 Day Course
Hands On
Official Curriculum
Code SECOPS

This course has been superseded by the Understanding Cisco Cybersecurity Operations Fundamentals course.

Modules

SOC Overview (4 topics)

  • Defining the Security Operations Center
  • Understanding NSM Tools and Data
  • Understanding Incident Analysis in a Threat-Centric SOC
  • Identifying Resources for Hunting Cyber Threats

Security Incident Investigations (5 topics)

  • Understanding Event Correlation and Normalization
  • Identifying Common Attack Vectors
  • Identifying Malicious Activity
  • Identifying Patterns of Suspicious Behavior
  • Conducting Security Incident Investigations

SOC Operations (6 topics)

  • Describing the SOC Playbook
  • Understanding the SOC Metrics
  • Understanding the SOC WMS and Automation
  • Describing the Incident Response Plan
  • Appendix A - Describing the Computer Security Incident Response Team
  • Appendix B - Understanding the use of VERIS

Labs (9 topics)

  • Guided Lab 1: Explore Network Security Monitoring Tools
  • Discovery 1: Investigate Hacker Methodology
  • Discovery 2: Hunt Malicious Traffic
  • Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
  • Discovery 4: Investigate Browser-Based Attacks
  • Discovery 5: Analyze Suspicious DNS Activity
  • Discovery 6: Investigate Suspicious Activity Using Security Onion
  • Discovery 7: Investigate Advanced Persistent Threats
  • Discovery 8: Explore SOC Playbooks

Prerequisites

Attendees should ideally meet the following prerequisites:

  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
  • Skills and knowledge equivalent to those learned in Security Fundamentals (SECFND)
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts

Sections