Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps v1.0 (CBRTHD)

The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors.

Retail Price: $4,300.00

Next Date: 02/23/2026

Course Days: 5

Enroll in Next Date

Request Custom Course

Objective

After taking this training, you should be able to:

Define threat hunting and identify core concepts used to conduct threat hunting investigations
Examine threat hunting investigation concepts, frameworks, and threat models
Define cyber threat hunting process fundamentals
Define threat hunting methodologies and procedures
Describe network-based threat hunting
Identify and review endpoint-based threat hunting
Identify and review endpoint memory-based threats and develop endpoint-based threat detection
Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
Describe the process of threat hunting from a practical perspective
Describe the process of threat hunt reporting

What to expect in the exam

This training will help you prepare to take the Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (300-220 CBRTHD) exam.

The exam tests your knowledge of conducting threat hunting and defending, including:

Threat modeling techniques
Threat actor attribution techniques
Threat hunting techniques, processes, and outcomes

After you pass 300-220 CBRTHD exam:

You earn the Cisco Certified Specialist – Threat Hunting and Defending certification
You satisfy the concentration requirement for the Cisco Certified CyberOps Professional certification. To complete your CyberOps Professional certification, pass the CyberOps core exam, 350-201 Performing CyberOps Using Cisco Security Technologies (CBRCOR).

Who Should Attend

This training is designed for the following roles:

Security Operations Center staff
Security Operations Center (SOC) Tier 2 Analysts
Threat Hunters
Cyber Threat Analysts
Threat Managers
Risk Managements

Prerequisites

The knowledge and skills you are expected to have before attending this training are:

General knowledge of networks
Cisco CCNP Security certification

These skills can be found in the following Cisco Learning Offerings:

Implementing and Administering Cisco Solutions (CCNA)
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Performing CyberOps Using Cisco Security Technologies (CBRCOR)
Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)

OUTLINE

Threat Hunting Theory
Threat Hunting Concepts, Frameworks, and Threat Models
Threat Hunting Process Fundamentals
Threat Hunting Methodologies and Procedures
Network-Based Threat Hunting
Endpoint-Based Threat Hunting
Endpoint-Based Threat Detection Development
Threat Hunting with Cisco Tools
Threat Hunting Investigation Summary: A Practical Approach
Reporting the Aftermath of a Threat Hunt Investigation

LAB OUTLINE

Categorize Threats with MITRE ATTACK Tactics and Techniques
Compare Techniques Used by Different APTs with MITRE ATTACK Navigator
Model Threats Using MITRE ATTACK and D3FEND
Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain
Determine the Priority Level of Attacks Using MITRE CAPEC
Explore the TaHiTI Methodology
Perform Threat Analysis Searches Using OSINT
Attribute Threats to Adversary Groups and Software with MITRE ATTACK
Emulate Adversaries with MITRE Caldera
Find Evidence of Compromise Using Native Windows Tools
Hunt for Suspicious Activities Using Open-Source Tools and SIEM
Capturing of Network Traffic
Extraction of IOC from Network Packets
Usage of ELK Stack for Hunting Large Volumes of Network Data
Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
Endpoint Data Acquisition
Inspect Endpoints with PowerShell
Perform Memory Forensics with Velociraptor
Detect Malicious Processes on Endpoints
Identify Suspicious Files Using Threat Analysis
Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
Initiate, Conduct, and Conclude a Threat Hunt

Course Dates	Course Times (EST)	Delivery Mode
2/23/2026 - 2/27/2026	9:00 AM - 5:00 PM	Virtual	Enroll
6/22/2026 - 6/26/2026	9:00 AM - 5:00 PM	Virtual	Enroll
10/26/2026 - 10/30/2026	9:00 AM - 5:00 PM	Virtual	Enroll