Performing CyberOps Using Cisco Security Technologies (CBRCOR)

This course will help you:
  • Gain an advanced understanding of the tasks involved in senior-level roles in a security operations center
  • Configure common tools and platforms used by security operations teams through practical application
  • Prepare to respond like a hacker in real-life attack scenarios and submit recommendations to senior management
  • Prepare for the Performing CyberOps Using Cisco Security Technologies (350-201 CBRCOR) exam

Course outline:

  • Explore Cisco SecureX Orchestration
  • Explore Splunk Phantom Playbooks
  • Examine Cisco Firepower Packet Captures and PCAP Analysis
  • Validate an Attack and Determine the Incident Response
  • Submit a Malicious File to Cisco Threat Grid for Analysis
  • Endpoint-Based Attack Scenario Referencing MITRE ATT&CK
  • Evaluate Assets in a Typical Enterprise Environment
  • Explore Cisco Firepower NGFW Access Control Policy and Snort Rules
  • Investigate IOCs from Cisco Talos Blog Using Cisco SecureX
  • Explore the ThreatConnect Threat Intelligence Platform
  • Track the TTPs of a Successful Attack Using a TIP
  • Query Cisco Umbrella Using Postman API Client
  • Fix a Python API Script
  • Create Basic Bash Scripts
  • Reverse Engineer Malware
  • Perform Threat Hunting
  • Conduct an Incident Response


You will learn to:

  • Describe the types of service coverage within a SOC and operational responsibilities associated with each
  • Compare security operations considerations of cloud platforms
  • Describe the general methodologies of SOC platforms development, management, and automation
  • Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections
  • Describe Zero Trust and associated approaches, as part of asset controls and protections
  • Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC
  • Use different types of core security technology platforms for security monitoring, investigation, and response
  • Describe the DevOps and SecDevOps processes
  • Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV)
  • Describe API authentication mechanisms
  • Analyze the approach and strategies of threat detection, during monitoring, investigation, and response
  • Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs)
  • Interpret the sequence of events during an attack based on analysis of traffic patterns
  • Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)
  • Analyze anomalous user and entity behavior (UEBA)
  • Perform proactive threat hunting following best practices

Prerequisites:

To fully benefit from this training, you should have the following knowledge:

  • Familiarity with UNIX/Linux shells (bash, csh) and shell commands
  • Familiarity with the Splunk search and navigation functions
  • Basic understanding of scripting using one or more of Python, JavaScript, PHP or similar

Recommended Cisco offerings that may help you prepare for this training:

  • Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Implementing and Administering Cisco Solutions (CCNA)

Enroll in the course: Performing CyberOps Using Cisco Security Technologies (CBRCOR)