The analyst will perform actual incident response activities on two different corporate networks. Both incident response simulations are modeled after real-world scenarios and cutting-edge attack techniques.
The analyst will blend multiple detection and analysis methodologies to respond effectively to the exam's incidents.
After completing this course, the analyst will understand:
- Network packet/traffic analysis
- Tools such as Wireshark, ELK & Splunk
- Actionable SIEM searches
- Event & log correlation
- Event analysis
- Process analysis and anomaly detection
- Understanding and detecting any stage of the "Cyber Kill Chain" (Information Gathering, Scanning, Exploitation, Post-exploitation)