Performing CyberOps using Cisco Security Technologies (CBRCOR)

Course Objectives:

Upon completion of this course, the learner will be able to meet these overall objectives:   

• Describe the types of service coverage within a SOC and operational responsibilities associated with each.
• Compare security operations considerations of cloud platforms.
• Describe the general methodologies of SOC platforms development, management, and automation.
• Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
• Describe Zero Trust and associated approaches, as part of asset controls and protections.
• Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC.
• Use different types of core security technology platforms for security monitoring, investigation, and response.
• Describe the DevOps and SecDevOps processes.
• Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
• Describe API authentication mechanisms.
• Analyze the approach and strategies of threat detection, during monitoring, investigation, and response.
• Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
• Interpret the sequence of events during an attack based on analysis of traffic patterns.
• Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
• Analyze anomalous user and entity behavior (UEBA).
• Perform proactive threat hunting following best practices.

Audience

The primary audience for this course is as follows:

• Cybersecurity engineer
• Cybersecurity investigator
• Incident manager
• Incident responder
• Network engineer
• SOC analysts currently functioning at entry level with a minimum of 1 year of experience

Prerequisites:

The knowledge and skills that the learner should have before attending this course are as follows:

• Familiarity with UNIX/Linux shells (bash, csh) and shell commands.
• Familiarity with the Splunk search and navigation functions
• Basic understanding of scripting using one or more of Python, JavaScript, PHP or similar.

Recommended Cisco offering that may help you prepare for this course:

• Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
• Implementing and Administering Cisco Solutions (CCNA)

Course Outline:

• Understanding Risk Management and SOC Operations
• Understanding Analytical Processes and Playbooks
• Investigating Packet Captures, Logs, and Traffic Analysis
• Investigating Endpoint and Appliance Logs
• Understanding Cloud Service Model Security Responsibilities
• Understanding Enterprise Environment Assets
• Implementing Threat Tuning
• Threat Research and Threat Intelligence Practices
• Understanding APIs
• Understanding SOC Development and Deployment Models
• Performing Security Analytics and Reports in a SOC
• Malware Forensics Basics
• Threat Hunting Basics
• Performing Incident Investigation and Response

Lab Outline:

Labs are designed to assure learners a whole practical experience, through the following practical activities:

• Explore Cisco SecureX Orchestration
• Explore Splunk Phantom Playbooks
• Examine Cisco Firepower Packet Captures and PCAP Analysis
• Validate an Attack and Determine the Incident Response
• Submit a Malicious File to Cisco Threat Grid for Analysis
• Endpoint-Based Attack Scenario Referencing MITRE ATTACK
• Evaluate Assets in a Typical Enterprise Environment
• Explore Cisco Firepower NGFW Access Control Policy and Snort Rules
• Investigate IOCs from Cisco Talos Blog Using Cisco SecureX
• Explore the ThreatConnect Threat Intelligence Platform
• Track the TTPs of a Successful Attack Using a TIP
• Query Cisco Umbrella Using Postman API Client
• Fix a Python API Script
• Create Bash Basic Scripts
• Reverse Engineer Malware
• Perform Threat Hunting
• Conduct an Incident Response