[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response

Introduction to Course 6

Security attacks are on the rise, and new vulnerabilities are exploited and discovered ever...

Terms and definitions from the certificate

Google Cybersecurity Certificate glossary from: "Sound the Alarm: Detection and Response; part 6 ...

Dave: Grow your cybersecurity career with mentors

My name is Dave. I'm a Principal Security Strategist with Google Cloud. My job is to work d...

Welcome to week 1

Welcome. In my role as Principal Security Strategist, I've seen how the incident response...

Introduction to the incident response lifecycle

Incident lifecycle frameworks provide a structure to support incident response operations. ...

Incident response teams

Hi again! In this section, we'll discuss how incident response teams manage incidents.  ...

Fatima: The importance of communication during incident response

My name is Fatima, and I'm a tech lead manager on Google's Detection and Response Team. If th...

Roles in response

So far, you've been introduced to the National Institute of Standards and Technology (NIST) Incid...

Incident response plans

So you've learned about incident response teams, the different types of roles, and their ...

Incident response tools

As a security analyst, you'll play an important role in incident detection. After all, yo...

The value of documentation

Hi there. Previously, you learned how an incident handler's journal is used for documenti...

Intrusion detection systems

In this video, we'll introduce you to intrusion detection and intrusion prevention systems....

Overview of detection tools

Previously, you explored intrusion detection system (IDS) and intrusion prevention system (IPS) t...

Alert and event management with SIEM and SOAR tools

Our discussion on detection tools may have left you wondering where alerts are sent and h...

Wrap-up; Terms and definitions from Course 6, Week 1

Way to go! You made it through a new section, and you've learned a lot. ...

Welcome to week 2

Welcome back! I'm so glad you're joining us. Previously, you were introduced to incident ...

Casey: Apply soft skills in cybersecurity

Hi, my name is Casey and I'm part of the Google Cloud Enterprise Security sales team. First o...

The importance of network traffic flows

In many organizations, network communication travels over multiple networks in different co...

Maintain awareness with network monitoring

Network communication can be noisy! Events like sending an email, streaming a video, or visiting ...

Data exfiltration attacks

Monitoring network traffic helps security professionals detect, prevent, and respond to att...

Packets and packet captures

Whether it's an employee sending an email or a malicious actor attempting to exfiltrate con...

Learn more about packet captures

The role of security analysts involves monitoring and analyzing network traffic flows. One way to...

Interpret network communications with packets

If a packet capture is like intercepting an envelope in the mail, then packet analysis is l...

Reexamine the fields of a packet header

While there are many different tools available to use, it's important as a security analyst...

Investigate packet details

So far, you've learned about how network protocol analyzers (packet sniffers) intercept network c...

Packet captures with tcpdump

Tcpdump is a popular network analyzer. It's pre-installed on many Linux distributions and...

Example tcpdump activity

Use ifconfig to identify the interfaces that are available: sudo ifconfig. Example output ana...
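The tcpdump and packet-header entries above describe reading one-line-per-packet output: timestamp, protocol, source and destination address and port, TCP flags and payload length. The following is an added example, not code from the course, that parses that default text format and turns it into the two checks an analyst usually wants first: which TCP sessions completed a three-way handshake, and how many payload bytes left the internal range per destination (the starting point of the data exfiltration discussion). All sample lines, hosts, ports and the internal prefix are constructed assumptions; run it with real output from sudo tcpdump -n -i <interface> piped into a file.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Added example (not course material): parse the default one-line-per-packet
# output of `tcpdump -n` and recover the header fields the readings cover.
# Every line, host and port below is constructed; 192.168.1.10 plays the
# internal host and 203.0.113.9 a hypothetical external server.
SAMPLE_TCPDUMP = """\
14:08:25.123456 IP 192.168.1.10.54321 > 10.0.0.5.443: Flags [S], seq 1234567890, win 64240, options [mss 1460], length 0
14:08:25.123789 IP 10.0.0.5.443 > 192.168.1.10.54321: Flags [S.], seq 987654321, ack 1234567891, win 65160, length 0
14:08:25.124000 IP 192.168.1.10.54321 > 10.0.0.5.443: Flags [.], ack 1, win 502, length 0
14:08:26.000000 IP 192.168.1.10.40000 > 203.0.113.9.4444: Flags [P.], seq 1:1461, ack 1, win 502, length 1460
14:08:26.050000 IP 192.168.1.10.40000 > 203.0.113.9.4444: Flags [P.], seq 1461:2921, ack 1, win 502, length 1460
14:08:27.000000 IP 192.168.1.10.55555 > 8.8.8.8.53: 12345+ A? example.com. (29)
"""

# tcpdump joins address and port with a dot; the greedy character class
# backtracks so that the last dotted component becomes the port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")
LEN_RE = re.compile(r"length (\d+)")


@dataclass
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: Optional[str]  # TCP flags as tcpdump prints them ("S", "S.", "P.", "."); None if not TCP
    length: int           # TCP payload length printed by tcpdump; 0 when the line has none


def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump summary line; returns None for lines in another shape
    (ARP, IPv6, or continuation lines from -v/-X output)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    fm = FLAGS_RE.search(rest)
    lm = LEN_RE.search(rest)
    return Packet(m.group("ts"), m.group("src"), int(m.group("sport")),
                  m.group("dst"), int(m.group("dport")),
                  fm.group(1) if fm else None, int(lm.group(1)) if lm else 0)


def parse_tcpdump(text: str) -> List[Packet]:
    return [p for p in map(parse_line, text.splitlines()) if p is not None]


def completed_handshakes(packets: List[Packet]):
    """Return (client, cport, server, sport) for every SYN, SYN-ACK, ACK triple
    seen in order; a SYN with no reply is a scan or a blocked connection, not a session."""
    syn, synack, done = set(), set(), []
    for p in packets:
        key = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":
            syn.add(key)
        elif p.flags == "S." and rev in syn:
            synack.add(rev)
        elif p.flags == "." and key in synack:
            done.append(key)
            synack.discard(key)
    return done


def outbound_bytes(packets: List[Packet], internal_prefix: str = "192.168.") -> Counter:
    """Sum payload bytes per (destination, port) for traffic leaving the internal
    range (assumed prefix); an unexpected large entry is where an exfiltration review starts."""
    totals = Counter()
    for p in packets:
        if p.src.startswith(internal_prefix) and not p.dst.startswith(internal_prefix):
            totals[(p.dst, p.dport)] += p.length
    return totals


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE_TCPDUMP)
    for hs in completed_handshakes(pkts):
        print("session: %s:%d -> %s:%d" % hs)
    for (dst, dport), n in outbound_bytes(pkts).most_common():
        print("outbound to %s:%d: %d payload bytes" % (dst, dport, n))
```

With the constructed capture the script reports one completed session to 10.0.0.5:443 and 2920 payload bytes sent to 203.0.113.9:4444; the DNS line parses with no flags and no length, which is the correct result for a non-TCP packet rather than a parse failure.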

Activity: Research network protocol analyzers

I probably legally can't give you anything because it's an activity, but here is the gist. In this activi...

Wrap-up; Terms and definitions from Course 6, Module 2

Nice work so far! Congratulations on capturing and analyzing your first pac...

Welcome to module 3; The detection and analysis phase of the lifecycle

Welcome back! I want to commend you on such a fantastic job you're doing so far. The sk...

Cybersecurity incident detection methods

Security analysts use detection tools to help them discover threats, but there are additional met...

MK: Changes in the cybersecurity industry

Hi, I'm MK, Director in the Office of the CISO for Google Cloud. The role of the Chief Inform...

Indicators of compromise

In this reading, you’ll be introduced to the concept of the Pyramid of Pain and you'll explore ex...

Analyze indicators of compromise with investigative tools

So far, you've learned about the different types of detection methods that can be used to detect ...

The benefits of documentation

You may recall our discussion on the different documentation tools and types used by securi...

Document evidence with chain of custody forms

Let's continue our discussion on how documentation provides transparency through documents ...

Best practices for effective documentation

Documentation is any form of recorded content that is used for a specific purpose, and it is esse...

The value of cybersecurity playbooks

Have you ever taken a trip to a place you've never visited before? You may have used a tr...

Generic Phishing Playbook Version 1.0

Links to the original Google Doc. Purpose; Using this playbook; Step 1: Receive phishing alert; ...

The role of triage in incident response

As you've learned, security analysts can be flooded with a large amount of alerts on any given da...

Robin: Foster cross-team collaboration

My name is Robin, and I am the program management lead for the Red Team at Google. I would say ...

The triage process

Previously, you learned that triaging is used to assess alerts and assign priority to incidents. ...

The containment, eradication, and recovery phase of the lifecycle

In this video, we'll discuss the third phase of the incident response lifecycle. This phase incl...

Business continuity considerations

Previously, you learned about how security teams develop incident response plans to help ensure t...

The post-incident activity phase of the lifecycle

Now that a security team has successfully contained, eradicated, and recovered from an incident, th...

Post-incident review

Previously, you explored the Containment, Eradication and Recovery phase of the NIST Incident Res...

Wrap-up; Terms and definitions from Course 6, Module 3

That wraps up our discussion on incident investigation and response. Nice work on finishing up ano...

Welcome to module 4

History books. Receipts. Diaries. What do all these things have in common? They record events. Wheth...

The importance of logs

Devices produce data in the form of events. As a refresher, events are observable occurrences tha...

Best practices for log collection and management

In this reading, you’ll examine some best practices related to log management, storage, and prote...

Rebecca: Learn new tools and technologies

I am Rebecca, I'm a security engineer at Google, and I focus in identity management. The best part...

Variations of logs

When you purchase an item in a store, you usually receive a receipt as a record of purchase. The r...

Overview of log file formats

You’ve learned about how logs record events that happen on a network, or system. In security, log...

Security monitoring with detection tools

Detection requires data, and this data can come from various data sources. You've already explored...

Detection tools and techniques

In this reading, you’ll examine the different types of intrusion detection system (IDS) technolog...

Grace: Security mindset in detection and response

Hi, I'm Grace, and I work in Detection and Response at Google. When I tell people what I do, they...

Components of a detection signature

As a security analyst, you may be tasked with writing, customizing, or testing signatures. To do t...

Examine signatures with Suricata

Previously, you learned about signature-based analysis. You also learned how to read signatures us...

Examine Suricata logs

Now let's examine some logs generated by Suricata. In Suricata, alerts and events are output in a ...
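The three Suricata entries above (signature components, examining signatures, examining logs) cover the same loop an analyst runs in practice: read a rule's header and options, then find the alerts that rule produced in Suricata's JSON event output (EVE) and confirm they came from the revision you are reviewing. The following is an added example, not course code and not part of Suricata; the rule text, its sid and msg, the hosts and the event lines are all constructed, and the parser handles only the common rule shape (no escaped quotes inside option values).

```python
import json
import re
from collections import Counter
from typing import List, Optional, Tuple

# Added example (not course material): a constructed rule with a hypothetical
# local sid. Header: action, protocol, source, source port, direction,
# destination, destination port. Options follow in parentheses.
SAMPLE_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any '
    '(msg:"HYPOTHETICAL Suspicious User-Agent curl"; flow:established,to_server; '
    'http.user_agent; content:"curl/"; startswith; sid:1000001; rev:2;)'
)

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def split_options(opts: str) -> List[Tuple[str, Optional[str]]]:
    """Split the option section on ';' outside double quotes. Keyword-only
    options such as startswith or http.user_agent get the value None."""
    items, buf, in_quote = [], [], False
    for ch in opts:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            items.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    items.append("".join(buf).strip())
    parsed = []
    for item in items:
        if not item:
            continue
        key, sep, value = item.partition(":")
        parsed.append((key.strip(), value.strip() if sep else None))
    return parsed


def parse_rule(rule: str) -> dict:
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("not a Suricata rule: " + rule)
    opts = split_options(m.group("opts"))
    by_key = dict(opts)  # last occurrence wins; only msg/sid/rev are read from it
    return {
        "action": m.group("action"), "proto": m.group("proto"),
        "src": m.group("src"), "sport": m.group("sport"),
        "direction": m.group("direction"),
        "dst": m.group("dst"), "dport": m.group("dport"),
        "options": opts,
        "msg": (by_key.get("msg") or "").strip('"'),
        "sid": int(by_key["sid"]),
        "rev": int(by_key.get("rev") or "1"),
    }


def _alert(ts, src, dst, sid, rev, sig, severity=2):
    """Build one constructed EVE alert record using Suricata's field names."""
    return {"timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": 51000,
            "dest_ip": dst, "dest_port": 80, "proto": "TCP",
            "alert": {"action": "allowed", "gid": 1, "signature_id": sid, "rev": rev,
                      "signature": sig, "category": "Potentially Bad Traffic",
                      "severity": severity}}


# Constructed eve.json content: one JSON object per line, alert records mixed
# with a flow record, as a real EVE file interleaves event types.
SAMPLE_EVE = "\n".join(json.dumps(e) for e in [
    _alert("2022-10-06T12:00:01.000000+0000", "10.0.0.7", "203.0.113.9", 1000001, 2,
           "HYPOTHETICAL Suspicious User-Agent curl"),
    {"timestamp": "2022-10-06T12:00:02.000000+0000", "event_type": "flow",
     "src_ip": "10.0.0.7", "dest_ip": "203.0.113.9", "proto": "TCP"},
    _alert("2022-10-06T12:00:03.000000+0000", "10.0.0.7", "203.0.113.9", 1000001, 2,
           "HYPOTHETICAL Suspicious User-Agent curl"),
    _alert("2022-10-06T12:00:04.000000+0000", "10.0.0.12", "198.51.100.4", 1000002, 1,
           "HYPOTHETICAL Outbound base64 blob", severity=1),
])


def alerts(eve_text: str):
    """Yield only alert events; flow, dns, http and other event types share the file."""
    for line in eve_text.splitlines():
        line = line.strip()
        if line:
            ev = json.loads(line)
            if ev.get("event_type") == "alert":
                yield ev


def count_by_signature(eve_text: str) -> Counter:
    return Counter((ev["alert"]["signature_id"], ev["alert"]["signature"])
                   for ev in alerts(eve_text))


def hits_for_rule(eve_text: str, rule: dict):
    """(timestamp, src_ip, dest_ip, rev_matches) for alerts carrying the rule's sid.
    A rev mismatch means the running ruleset differs from the rule text under review."""
    return [(ev["timestamp"], ev["src_ip"], ev["dest_ip"], ev["alert"]["rev"] == rule["rev"])
            for ev in alerts(eve_text) if ev["alert"]["signature_id"] == rule["sid"]]


if __name__ == "__main__":
    rule = parse_rule(SAMPLE_RULE)
    print("rule %d rev %d: %s" % (rule["sid"], rule["rev"], rule["msg"]))
    for (sid, sig), n in count_by_signature(SAMPLE_EVE).most_common():
        print("%d x sid %d %s" % (n, sid, sig))
    for ts, src, dst, ok in hits_for_rule(SAMPLE_EVE, rule):
        print(ts, src, "->", dst, "rev ok" if ok else "REV MISMATCH")
```

Matching on sid rather than on the msg text is deliberate: msg is free text and changes between revisions, while sid is the stable identifier Suricata writes into every alert. Filtering on event_type first matters because a real eve.json also carries flow, dns, http and tls records, and a count over all lines would overstate the alert volume.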

Overview of Suricata

So far, you've learned about detection signatures and you were introduced to Suricata, an inciden...

Activity: Explore signatures and logs with Suricata

Introduction In this lab activity, you'll explore the components of a rule using Suricata. You'l...

Reexamine SIEM tools

As a security analyst, you'll need to be able to quickly access the relevant data required to per...

Log sources and log ingestion

In this reading, you’ll explore more on the importance of log ingestion. You may recall that secu...

Query for events with Splunk

Now that we've reviewed how a SIEM works, let's learn how to search and query events in a SIEM da...

Search methods with SIEM tools

So far, you’ve learned about how you can use security information and event management (SIEM) too...

Follow-along guide for Splunk sign-up

Note: The following reading is an optional supplement to the following course item, Activity: Per...

Wrap-up; Glossary terms from module 4

Congratulations! You've made it to the end of this section. You've made so much progress in your se...

Course wrap-up

Congratulations on completing this course on detection and response! As you've progressed, we've c...

Terms and definitions from Course 6; Course 6 glossary

A: Advanced persistent threat (APT): An instance when a threat actor maintains unauthorized ac...