Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 1 year ago by naruzkurai

Updated 1 year ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response
Introduction to Course 6
Terms and definitions from the certificate
Dave: Grow your cybersecurity career with mentors
Welcome to week 1
Introduction to the incident response lifecycle
Incident response teams
Fatima: The importance of communication during incident response
Roles in response
Incident response plans
Incident response tools
The value of documentation
Intrusion detection systems
Overview of detection tools
Alert and event management with SIEM and SOAR tools
Wrap-up; Terms and definitions from Course 6, Week 1
Welcome to week 2
Casey: Apply soft skills in cybersecurity
The importance of network traffic flows
Maintain awareness with network monitoring
Data exfiltration attacks
Packets and packet captures
Learn more about packet captures
Interpret network communications with packets
Reexamine the fields of a packet header
Investigate packet details
Packet captures with tcpdump
example tcp dump activity
Activity: Research network protocol analyzers
Wrap-up; Terms and definitions from Course 6, Module 2
Welcome to module 3 ; The detection and analysis phase of the lifecycle
Cybersecurity incident detection methods
MK: Changes in the cybersecurity industry
Indicators of compromise
Analyze indicators of compromise with investigative tools
Analyze indicators of compromise with investigative tools
The benefits of documentation
Document evidence with chain of custody forms
Best practices for effective documentation
The value of cybersecurity playbooks
Generic Phishing Playbook Version 1.0
The role of triage in incident response
Robin: Foster cross-team collaboration
The triage process
The containment, eradication, and recovery phase of the lifecycle
Business continuity considerations
The post-incident activity phase of the lifecycle
Post-incident review
Wrap-up; Terms and definitions from Course 6, Module 3
read
Welcome to module 4
The importance of logs
The importance of logs
Best practices for log collection and management
Rebecca: Learn new tools and technologies
Variations of logs
Overview of log file formats
Security monitoring with detection tools
Detection tools and techniques
Grace: Security mindset in detection and response
Components of a detection signature
Examine signatures with Suricata
Examine signatures with Suricata
Examine Suricata logs
Overview of Suricata
Activity: Explore signatures and logs with Suricata
Reexamine SIEM tools
Log sources and log ingestion
Query for events with Splunk
Search methods with SIEM tools
Follow-along guide for Splunk sign-up
Wrap-up; Glossary terms from module 4
Course wrap-up
Terms and definitions from Course 6, course 6 glossary

Books

[Completed] Profession...

Introduction to Course 6

Security attacks are on the rise, and new vulnerabilities are exploited and discovered every week.

No matter how prepared an organization may be in the event of a security attack, at some point something goes wrong.

Whether it's a data breach, ransomware, or a simple mistake made by an employee, incidents happen. And it's up to security professionals like you to effectively respond to security incidents.

Hello and welcome to the course!

I'm Dave, and I'm a Principal Security Strategist for Google Cloud.

I have 20 years of experience as a security practitioner and leader.

Over the past eight years, I've worked at industry-leading security vendors like Fortinet, Splunk, and Google, where I developed

a specialty in security analytics.

I have a passion for helping analysts develop the skills necessary to succeed in their careers.

I'm so happy you're here.

You've done a great job so far.

You've learned a lot about security concepts, best practices, and types of security attacks.

Now in this course, we'll focus on incident detection, analysis, and response.

You'll have the opportunity to apply your learning using tools such as tcpdump, Wireshark, Suricata, Splunk, and Chronicle.

By the end of this course, you'll have an in-depth understanding of incident response.

First, you'll learn about the incident response lifecycle and how incident response teams work together.

You'll also learn about the types of tools used in detection and response, including documentation.

You'll also be given your own incident handler's journal that you'll use during your investigations.

Next, you'll apply your knowledge and networking in Linux to monitor and analyze network traffic using packet sniffers like Wireshark and tcpdump to capture and analyze packets for potential indicators of security incidents.

Then, you'll become familiar with the common processes and procedures used during incident detection and response.

You'll learn how to use investigative tools to analyze and verify incidents and produce documentation.

Finally, you'll learn how to interpret logs and alerts.

You'll learn how detection tools produce logs and how these logs are analyzed in security information and event management tools.

Ready to begin? Let's get started!

No Comments

Back to top