69 Investigation courses delivered Live Online

Duration 4 Days 24 CPD hours This course is intended for The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies. Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst. Prerequisites Basic understanding of Microsoft 365 Fundamental understanding of Microsoft security, compliance, and identity products Intermediate understanding of Windows 10 Familiarity with Azure services, specifically Azure SQL Database and Azure Storage Familiarity with Azure virtual machines and virtual networking Basic understanding of scripting concepts. 1 - Introduction to Microsoft 365 threat protection Explore Extended Detection & Response (XDR) response use cases Understand Microsoft Defender XDR in a Security Operations Center (SOC) Explore Microsoft Security Graph Investigate security incidents in Microsoft Defender XDR 2 - Mitigate incidents using Microsoft 365 Defender Use the Microsoft Defender portal Manage incidents Investigate incidents Manage and investigate alerts Manage automated investigations Use the action center Explore advanced hunting Investigate Microsoft Entra sign-in logs Understand Microsoft Secure Score Analyze threat analytics Analyze reports Configure the Microsoft Defender portal 3 - Protect your identities with Microsoft Entra ID Protection Microsoft Entra ID Protection overview Detect risks with Microsoft Entra ID Protection policies Investigate and remediate risks detected by Microsoft Entra ID Protection 4 - Remediate risks with Microsoft Defender for Office 365 Automate, investigate, and remediate Configure, protect, and detect Simulate attacks 5 - Safeguard your environment with Microsoft Defender for Identity Configure Microsoft Defender for Identity sensors Review compromised accounts or data Integrate with other Microsoft tools 6 - Secure your cloud apps and services with Microsoft Defender for Cloud Apps Understand the Defender for Cloud Apps Framework Explore your cloud apps with Cloud Discovery Protect your data and apps with Conditional Access App Control Walk through discovery and access control with Microsoft Defender for Cloud Apps Classify and protect sensitive information Detect Threats 7 - Respond to data loss prevention alerts using Microsoft 365 Describe data loss prevention alerts Investigate data loss prevention alerts in Microsoft Purview Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps 8 - Manage insider risk in Microsoft Purview Insider risk management overview Create and manage insider risk policies Investigate insider risk alerts Take action on insider risk alerts through cases Manage insider risk management forensic evidence Create insider risk management notice templates 9 - Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard Explore Microsoft Purview Audit solutions Implement Microsoft Purview Audit (Standard) Start recording activity in the Unified Audit Log Search the Unified Audit Log (UAL) Export, configure, and view audit log records Use audit log searching to investigate common support issues 10 - Investigate threats using audit in Microsoft Defender XDR and Microsoft Purview (Premium) Explore Microsoft Purview Audit (Premium) Implement Microsoft Purview Audit (Premium) Manage audit log retention policies Investigate compromised email accounts using Purview Audit (Premium) 11 - Investigate threats with Content search in Microsoft Purview Explore Microsoft Purview eDiscovery solutions Create a content search View the search results and statistics Export the search results and search report Configure search permissions filtering Search for and delete email messages 12 - Protect against threats with Microsoft Defender for Endpoint Practice security administration Hunt threats within your network 13 - Deploy the Microsoft Defender for Endpoint environment Create your environment Understand operating systems compatibility and features Onboard devices Manage access Create and manage roles for role-based access control Configure device groups Configure environment advanced features 14 - Implement Windows security enhancements with Microsoft Defender for Endpoint Understand attack surface reduction Enable attack surface reduction rules 15 - Perform device investigations in Microsoft Defender for Endpoint Use the device inventory list Investigate the device Use behavioral blocking Detect devices with device discovery 16 - Perform actions on a device using Microsoft Defender for Endpoint Explain device actions Run Microsoft Defender antivirus scan on devices Collect investigation package from devices Initiate live response session 17 - Perform evidence and entities investigations using Microsoft Defender for Endpoint Investigate a file Investigate a user account Investigate an IP address Investigate a domain 18 - Configure and manage automation using Microsoft Defender for Endpoint Configure advanced features Manage automation upload and folder settings Configure automated investigation and remediation capabilities Block at risk devices 19 - Configure for alerts and detections in Microsoft Defender for Endpoint Configure advanced features Configure alert notifications Manage alert suppression Manage indicators 20 - Utilize Vulnerability Management in Microsoft Defender for Endpoint Understand vulnerability management Explore vulnerabilities on your devices Manage remediation 21 - Plan for cloud workload protections using Microsoft Defender for Cloud Explain Microsoft Defender for Cloud Describe Microsoft Defender for Cloud workload protections Enable Microsoft Defender for Cloud 22 - Connect Azure assets to Microsoft Defender for Cloud Explore and manage your resources with asset inventory Configure auto provisioning Manual log analytics agent provisioning 23 - Connect non-Azure resources to Microsoft Defender for Cloud Protect non-Azure resources Connect non-Azure machines Connect your AWS accounts Connect your GCP accounts 24 - Manage your cloud security posture management? Explore Secure Score Explore Recommendations Measure and enforce regulatory compliance Understand Workbooks 25 - Explain cloud workload protections in Microsoft Defender for Cloud Understand Microsoft Defender for servers Understand Microsoft Defender for App Service Understand Microsoft Defender for Storage Understand Microsoft Defender for SQL Understand Microsoft Defender for open-source databases Understand Microsoft Defender for Key Vault Understand Microsoft Defender for Resource Manager Understand Microsoft Defender for DNS Understand Microsoft Defender for Containers Understand Microsoft Defender additional protections 26 - Remediate security alerts using Microsoft Defender for Cloud Understand security alerts Remediate alerts and automate responses Suppress alerts from Defender for Cloud Generate threat intelligence reports Respond to alerts from Azure resources 27 - Construct KQL statements for Microsoft Sentinel Understand the Kusto Query Language statement structure Use the search operator Use the where operator Use the let statement Use the extend operator Use the order by operator Use the project operators 28 - Analyze query results using KQL Use the summarize operator Use the summarize operator to filter results Use the summarize operator to prepare data Use the render operator to create visualizations 29 - Build multi-table statements using KQL Use the union operator Use the join operator 30 - Work with data in Microsoft Sentinel using Kusto Query Language Extract data from unstructured string fields Extract data from structured string data Integrate external data Create parsers with functions 31 - Introduction to Microsoft Sentinel What is Microsoft Sentinel? How Microsoft Sentinel works When to use Microsoft Sentinel 32 - Create and manage Microsoft Sentinel workspaces Plan for the Microsoft Sentinel workspace Create a Microsoft Sentinel workspace Manage workspaces across tenants using Azure Lighthouse Understand Microsoft Sentinel permissions and roles Manage Microsoft Sentinel settings Configure logs 33 - Query logs in Microsoft Sentinel Query logs in the logs page Understand Microsoft Sentinel tables Understand common tables Understand Microsoft Defender XDR tables 34 - Use watchlists in Microsoft Sentinel Plan for watchlists Create a watchlist Manage watchlists 35 - Utilize threat intelligence in Microsoft Sentinel Define threat intelligence Manage your threat indicators View your threat indicators with KQL 36 - Connect data to Microsoft Sentinel using data connectors Ingest log data with data connectors Understand data connector providers View connected hosts 37 - Connect Microsoft services to Microsoft Sentinel Plan for Microsoft services connectors Connect the Microsoft Office 365 connector Connect the Microsoft Entra connector Connect the Microsoft Entra ID Protection connector Connect the Azure Activity connector 38 - Connect Microsoft Defender XDR to Microsoft Sentinel Plan for Microsoft Defender XDR connectors Connect the Microsoft Defender XDR connector Connect Microsoft Defender for Cloud connector Connect Microsoft Defender for IoT Connect Microsoft Defender legacy connectors 39 - Connect Windows hosts to Microsoft Sentinel Plan for Windows hosts security events connector Connect using the Windows Security Events via AMA Connector Connect using the Security Events via Legacy Agent Connector Collect Sysmon event logs 40 - Connect Common Event Format logs to Microsoft Sentinel Plan for Common Event Format connector Connect your external solution using the Common Event Format connector 41 - Connect syslog data sources to Microsoft Sentinel Plan for syslog data collection Collect data from Linux-based sources using syslog Configure the Data Collection Rule for Syslog Data Sources Parse syslog data with KQL 42 - Connect threat indicators to Microsoft Sentinel Plan for threat intelligence connectors Connect the threat intelligence TAXII connector Connect the threat intelligence platforms connector View your threat indicators with KQL 43 - Threat detection with Microsoft Sentinel analytics What is Microsoft Sentinel Analytics? Types of analytics rules Create an analytics rule from templates Create an analytics rule from wizard Manage analytics rules 44 - Automation in Microsoft Sentinel Understand automation options Create automation rules 45 - Threat response with Microsoft Sentinel playbooks What are Microsoft Sentinel playbooks? Trigger a playbook in real-time Run playbooks on demand 46 - Security incident management in Microsoft Sentinel Understand incidents Incident evidence and entities Incident management 47 - Identify threats with Behavioral Analytics Understand behavioral analytics Explore entities Display entity behavior information Use Anomaly detection analytical rule templates 48 - Data normalization in Microsoft Sentinel Understand data normalization Use ASIM Parsers Understand parameterized KQL functions Create an ASIM Parser Configure Azure Monitor Data Collection Rules 49 - Query, visualize, and monitor data in Microsoft Sentinel Monitor and visualize data Query data using Kusto Query Language Use default Microsoft Sentinel Workbooks Create a new Microsoft Sentinel Workbook 50 - Manage content in Microsoft Sentinel Use solutions from the content hub Use repositories for deployment 51 - Explain threat hunting concepts in Microsoft Sentinel Understand cybersecurity threat hunts Develop a hypothesis Explore MITRE ATT&CK 52 - Threat hunting with Microsoft Sentinel Explore creation and management of threat-hunting queries Save key findings with bookmarks Observe threats over time with livestream 53 - Use Search jobs in Microsoft Sentinel Hunt with a Search Job Restore historical data 54 - Hunt for threats using notebooks in Microsoft Sentinel Access Azure Sentinel data with external tools Hunt with notebooks Create a notebook Explore notebook code

Duration 1 Days 6 CPD hours This course is intended for This course is designed primarily for IT leaders and company executives who are responsible for complying with incident response legislation. This course focuses on the knowledge, resources, and skills necessary to comply with incident response, and incident handling process requirements. Overview In this course, you will understand, assess and respond to security threats and operate a system and network security analysis platform. You will: Explain the importance of best practices in preparation for incident response Given a scenario, execute incident response process Explain general mitigation methods and devices Assess and comply with current incident response requirements. This course covers incident response methods and procedures are taught in alignment with industry frameworks such as US-CERT?s NCISP (National Cyber Incident Response Plan), and Presidential Policy Directive (PPD) 41 on Cyber Incident Coordination Policy. It is ideal for candidates who have been tasked with managing compliance with state legislation and other regulatory requirements regarding incident response, and for executing standardized responses to such incidents. The course introduces procedures and resources to comply with legislative requirements regarding incident response. This course is designed to assist students in preparing for the CertNexus Incident Responder Credential (CIR-110). What you learn and practice in this course can be a significant part of your preparation. Assessment of Information Security Risks The Importance of Risk Management Integrating Documentation into Risk Management Response to Cybersecurity Incidents Deployment of Incident Handling and Response Architecture Containment and Mitigation of Incidents Preparation for Forensic Investigation as a CSIRT Investigating Cybersecurity Incidents Use a Forensic Investigation Plan Securely Collect and Analyze Electronic Evidence Follow Up on the Results of an Investigation Complying with Legislation Examples of Legislation (if this is covered in above topics, no need to include here) GDPR, HIPPA, Elections Case study: Incident Response and GDPR (Using GDPR legislation, create a response that is compliant with it ? this could be discussion-based activity as well.) State Legislation Resources and Example Search terms to find state legislation Using NYS as example use the NYS Privacy Response act or other legislation to create a similar case study as previous. Provide answers on when to use federal versus state and do you have to follow both?

Details This course is aimed at Water and Wastewater managers, field managers, asset managers and others involved in meeting compliance within the Water industry. As Wastewater Treatment compliance now comes under increasing regulatory scrutiny from OFWAT the overall ability of the Water Industry to effectively oversee and manage the Wastewater Treatment process comes under sharper focus. Demonstrating the competence of those responsible will likely become increasingly the focus of public awareness and form a key strand of the regulator’s investigation. Main themes Demonstrate an understanding of the current regulatory framework pertaining to pollution incidents Understand the sources of pollution Understand pollution risks specific to the Water and Wastewater industry Critically analyse the stakeholders’ views of pollution from the Water and Wastewater industry Understand the importance of stakeholder communication, feedback and involvement in the context of pollution incidents Understand the impact of pollution in terms of the environment, customers, cost, H&S and from the regulatory perspective Describe the cumulative effect of point source and diffuse sources of pollution Describe and explain the collective responsibilities and ethical and moral issues as pertaining to pollution incidents Critically evaluate the use of internal systems and mechanisms for delivery of pollution risk reduction strategies Develop a pollution risk reduction strategy appropriate to your organisation. Instructions This online course will be delivered using CISCO Webex. You will need a suitable device with a camera and microphone like a laptop. If you have any questions about what is required, please contact us on enquiries@learninganddevelopment.associates. Qualification All learners taking the qualification will need to produce identification to enable ProQual registration. This can take the form of a: Passport Driving Licence Construction Skills Certification Scheme Card (CSCS Card) Construction Plant Competence Scheme Card (CPCS Card) If none of the above are available to the learner, a photograph with a statement confirming their identity, dated and signed, along with a utility bill, would be acceptable.

Duration 1 Days 6 CPD hours This course is intended for Security operations personnel, including analysts and incident responders Overview By the end of the course, you should be able to meet the following objectives: Utilize Carbon Black EDR throughout an incident Implement a baseline configuration for Carbon Black EDR Determine if an alert is a true or false positive Fully scope out an attack from moment of compromise Describe Carbon Black EDR capabilities available to respond to an incident Create addition detection controls to increase security This course teaches you how to use the VMware Carbon Black© EDR? product during incident response. Using the SANS PICERL framework, you will configure the server and perform an investigation on a possible incident. This course provides guidance on using Carbon Black EDR capabilities throughout an incident with an in-depth, hands-on, scenariobased lab. Course Introduction Introductions and course logistics Course objectives VMware Carbon Black EDR & Incident Response Framework identification and process Preparation Implement the Carbon Black EDR instance according to organizational requirements Identification Use initial detection mechanisms Process alerts Proactive threat hunting Incident determination Containment Incident scoping Artifact collection Investigation Eradication Hash banning Removing artifacts Continuous monitoring Recovery Rebuilding endpoints Getting to a more secure state Lessons Learned Tuning Carbon Black EDR Incident close out

The course covers investigation and risk assessment of asbestos-contaminated soils and sites, including waste classification and land remediation. It will cover the current HSE and EA legislation and guidance, assessing risk to health from asbestos in soils and how to assess the land, analysis types and interpretation, and remedial actions.

Duration 5 Days 30 CPD hours This course is intended for ECSS is designed for anyone who wants to enhance their skills and make a career in information security, network security, and computer forensics fields. It can be IT Specialists, Network Administrators, or System Administrators. Overview Upon successful completion of this course, students will learn: Key issues plaguing the information security, network security, and computer forensics. Fundamentals of networks and various components of the OSI and TCP/IP model. Various network security protocols. Various types of information security threats and attacks, and their countermeasures. Social engineering techniques, identify theft, and social engineering countermeasures. Different stages of the hacking cycle Identification, authentication, and authorization concepts Different types of cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools. Fundamentals of firewall, techniques for bypassing firewall, and firewall technologies such as Bastion Host, DMZ, Proxy Servers, Network Address Translation, Virtual Private Network, and Honeypot. Fundamentals of IDS and IDS evasion techniques. Data backup techniques and VPN security. Wireless Encryption, wireless threats, wireless hacking tools, and Wi-Fi security. Different types of web server and web application attacks, and countermeasures. Fundamentals of ethical hacking and pen testing. Incident handling and response process. Cyber-crime and computer forensics investigation methodology. Different types of digital evidence and digital evidence examination process. Different type of file systems and their comparison (based on limit and features). Gathering volatile and non-volatile information from Windows and network forensics analysis mechanism. Steganography and its techniques. Different types of log capturing, time synchronization, and log capturing tools. E-mails tracking and e-mail crimes investigation. Writing investigation report. This is an entry-level security program covering the fundamental concepts and giving a holistic overview of the key components of information security, computer forensics, and network security. Course Outline Information Security Fundamentals Networking Fundamentals Secure Network Protocols Information Security Threats and Attacks Social Engineering Hacking Cycle Identification, Authentication, and Authorization Cryptography Firewalls Intrusion Detection System Data Backup Virtual Private Network Wireless Network Security Web Security Ethical Hacking and Pen Testing Incident Response Computer Forensics Fundamentals Digital Evidence Understanding File Systems Windows Forensics Network Forensics and Investigating Network Traffic Steganography Analyzing Logs E-mail Crime and Computer Forensics Writing Investigative Report Additional course details: Nexus Humans EC-Council Certified Security Specialist (ECSS) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the EC-Council Certified Security Specialist (ECSS) course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

The course covers investigation and risk assessment of asbestos-contaminated soils and sites, including waste classification and land remediation. It will cover the current HSE and EA legislation and guidance, assessing risk to health from asbestos in soils and how to assess the land, analysis types and interpretation, and remedial actions.

Duration 5 Days 30 CPD hours This course is intended for IS Security Officers IS Managers Virtualization Engineers and Managers Cloud Security Managers Overview Upon completion, the Certified Digital Forensics Examiner candidate will be able to competently take the CDFE exam. The Certified Digital Forensics Examiner, C)DFE certification is designed to train Cyber Crime and Fraud Investigators. Students are taught electronic discovery and advanced investigation techniques.ÿ This course is essential to anyone encountering digital evidence while conducting an investigation. Mile2?s Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-ðcustody, and write a findings report. Through the use of a risk-based approach, the C)DFE is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards. Course Outline Computer Forensic Incidents Investigative Theory Investigative Process Digital Acquisition and Analysis Disks and Storages Live Acquisitions Windows Forensics Linux Forensics Mac Forensics Examination Protocols Digital Evidence Protocols Digital Evidence Presentation Laboratory Protocols Specialized Artifact Recovery eDiscovery and ESI Mobile Forensics Incident Handling Reporting Additional course details: Nexus Humans C)DFE - Certified Digital Forensics Examiner Mile 2 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the C)DFE - Certified Digital Forensics Examiner Mile 2 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

Duration 3 Days 18 CPD hours This course is intended for The Foundation course is designed for individuals who want to gain an overview of Business Analysis (Business Analysts, Requirements Engineers, Product manager, Product Owner, Chief Product Owner, Service Manager, Service Owner, Project manager, Consultants) Overview Students should be able to demonstrate knowledge and understanding of business analysis principles and techniques. Key areas are: the role and competencies of a business analyst strategy analysis business system and business process modelling stakeholder analysis investigation and modelling techniques requirements engineering business case development The business analyst role analyzes, understands and manages the requirements in a customer-supplier relationship and ensures that the right products are delivered. The Foundation Seminar gives a good introduction to the spectrum of this responsibility. Course Introduction Let?s Get to Know Each Other Course Overview Course Learning Objectives Course Structure Course Agenda Introduction to Business Analysis Structure and Benefits of Business Analysis Foundation Exam Details Business Analysis Certification Scheme What is Business Analysis? Intent and Context Origins of business analysis The development of business analysis The scope of business analysis work Taking a holistic approach The role and responsibilities of the business analyst The competencies of a Business Analyst Personal qualities Business knowledge Professional techniques The development of competencies Strategy Analysis The context for strategy The defiition of strategy Strategy development External environmental analysis Internal invironmental analysis SWOT analysis Executing strategy Business Analysis Process Model An approach to problem solving Stages of the business analysis process model Objectives of the process model stages Procedures for each process model stage Techniques used within each process model stage Investigation Techniques Interviews Observation Workshops Scenarios Prototyping Quantitative approaches Documenting the current situation Stakeholder Analysis and Management Stakeholder categories and identification Analysing stakeholders Stakeholder management strategies Managing stakeholders Understanding stakeholder perspectives Business activity models Modelling Business Processes Organizational context An altrnative view of an organization The organizational view of business processes Value propositions Process models Analysing the as-is process model Improving business processes (to-be business process) Defining the Solution Gab analysis Introduction to Business Architecture Definition to Business Architecture Business Architecture techniques Business and Financial Case The business case in the project lifecycle Identifying options Assessing project feasibility Structure of a business case Investment appraisal Establishing the Requirements A framework for requirements engineering Actors in requirements engineering Requirements elicitation Requirements analysis Requirements validation Documenting and Managing the Requirements The requirements document The requirements catalogue Managing requirements Modelling the Requirements Modelling system functions Modelling system data Delivering the Requirements Delivering the solution Context Lifecycles Delivering the Business Solution BA role in the business change lifecycle Design stage Implementation stage Realization stage

Duration 5 Days 30 CPD hours This course is intended for Although there are no mandatory prerequisites, the course is particularly suited for the following audiences: Cybersecurity engineer Cybersecurity investigator Incident manager Incident responder Network engineer SOC analysts currently functioning at entry level with 2+ years of experience Overview After taking this course, you should be able to: Describe the types of service coverage within a SOC and operational responsibilities associated with each. Compare security operations considerations of cloud platforms. Describe the general methodologies of SOC platforms development, management, and automation. Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections. Describe Zero Trust and associated approaches, as part of asset controls and protections. Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC. Use different types of core security technology platforms for security monitoring, investigation, and response. Describe the DevOps and SecDevOps processes. Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, CommaSeparated Values (CSV). Describe API authentication mechanisms. Analyze the approach and strategies of threat detection, during monitoring, investigation, and response. Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs). Interpret the sequence of events during an attack based on analysis of traffic patterns. Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools). Analyze anomalous user and entity behavior (UEBA). Perform proactive threat hunting following best practices. The Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course guides you through cybersecurity fundamentals and prepares you for the role of Information Security Analyst on a Security Operations Center team. You?ll learn to automate for security using cloud platforms and how to apply your knowledge to real-world scenarios Course Outline Understanding Risk Management and SOC Operations Understanding Analytical Processes and Playbooks Investigating Packet Captures, Logs, and Traffic Analysis Investigating Endpoint and Appliance Logs Understanding Cloud Service Model Security Responsibilities Understanding Enterprise Environment Assets Threat Tuning Threat Researching and Threat Intelligence Practices Understanding APIs Understanding SOC Development and Deployment Models Performing Security Analytics and Reports in a SOC Malware Forensics Basics Threat Hunting Basics Additional course details: Nexus Humans Cisco Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward. This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts. Guided by seasoned coaches, each session offers priceless insights and practical skills crucial for honing your expertise. Whether you're stepping into the realm of professional skills or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and prowess necessary for success. While we feel this is the best course for the Cisco Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course and one of our Top 10 we encourage you to read the course outline to make sure it is the right content for you. Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.