Search Results

Previously, you learned that triaging is used to assess alerts and assign priority to incidents. In this reading, you'll explore the triage process and its benefits. As a security analyst, you'll be responsible for analyzing security alerts. Having the skills ...

 In this video, we'll discuss the third phase of the incident response lifecycle. This phase includes the steps for how security teams contain, eradicate, and recover from an incident. It's important to note that these steps interrelate. Containment helps meet...

Previously, you learned about how security teams develop incident response plans to help ensure that there is a prepared and consistent process to quickly respond to security incidents. In this reading, you'll explore the importance that business continuity pl...

Now that a security team has successfully contained eradicated and recovered from an incident, their job is done, right?Not quite.Whether it's a new technology or a new vulnerability, there's always more to learn in the security field.The perfect time for lear...

Previously, you explored the Containment, Eradication and Recovery phase of the NIST Incident Response Lifecycle. This reading explores the activities involved in the final phase of the lifecycle: Post-incident activity. As a security analyst, it's important t...

Working Off-Platform Getting Started: To work on this project, you will need an IDE or text editor and a web browser. You also have the option of downloading the starter files for a quick start. Alternatively, you can use your own existing files or start fro...

That wraps up our discussion on incident investigation and response.Nice work on finishing up another section!We've covered a lot here, so let's take a moment to quickly recap.First, we revisited the detection and analysis phase of the NIST incident response l...

History books. Receipts. Diaries.What do all these things have in common?They record events.Whether it's historical events, financial transactions, or private diary entries, records preserve event details.And having access to these details can help us in many ...

Devices produced data in the form of events.As a refresher, events are observable occurrences that happen on a networksystem or device.This data provides visibility into an environment.Logs are one of the key ways security professionals detect unusual ormalici...

Devices produced data in the form of events.As a refresher, events are observable occurrences that happen on a network system or device.This data provides visibility into an environment.Logs are one of the key ways security professionals detect unusual or mali...

In this reading, you’ll examine some best practices related to log management, storage, and protection. Understanding the best practices related to log collection and management will help improve log searches and better support your efforts in identifying and ...

I am Rebecca, I'm a security engineer at Google, and I focus in identity management.The best part of the job is probably thinking like an attacker.I love that part of seeing how can I break stuff, seeing a system and figuring out how can I get into it.If I was...

When you purchase an item in a store, you usually receive a receipt as a record of purchase.The receipt breaks down the transaction information with details such as the date and time, the cashier's name, the item name, cost, and the method of payment.But, not ...

You’ve learned about how logs record events that happen on a network, or system. In security, logs provide key details about activities that occurred across an organization, like who signed into an application at a specific point in time. As a security analyst...

Detection requires data, and this data can come from various data sources.You've already explored how different devices produce logs.Now we'll examine how different detection technologies monitor devices and log different types of system activity, like network...

In this reading, you’ll examine the different types of intrusion detection system (IDS) technologies and the alerts they produce. You’ll also explore the two common detection techniques used by detection systems. Understanding the capabilities and limitations ...

 Hi, I'm Grace, and I work in Detection and Response at Google.When I tell people what I do, they think it's awesome, I love being able to say, my job is to detect hackers trying to hack Google.There are people who trust us with their data that play critical r...

As a security analyst, you may be tasked with writing, customizing, or testing signatures.To do this, you'll use IDS tools.So in this section, we'll examine signature syntax and by the end, you'll be able to read a signature.A signature specifies detection rul...

Previously, you learned about signature-based analysis.You also learned how to read signatures used in network-based intrusion detection systems.Here, we'll use an open source signature-based IDS called Suricata to examine a signature.Many NIDS technologies co...

Previously, you learned about signature-based analysis.You also learned how to read signatures used in network-based intrusion detection systems.Here, we'll use an open source signature-based IDS called Suricata to examine a signature.Many NIDS technologies co...