
Incident Response Drills for Lv.2 Analyst: Volume 1


Greg Song

1:13:19

  • 1 - Introduction.html
  • 2 - Understanding Level 2 Analyst.html
  • 3 - Who needs this exercise and who does not.mp4
    01:27
  • 4 - Course Introduction.mp4
    02:47
  • 5 - Key Learning Objectives.mp4
    01:23
  • 6 - Data Analysis Tactics Part1.mp4
    01:56
  • 6 - Men in Black.txt
  • 7 - Data Analysis Tactics Part2.mp4
    02:39
  • 8 - Types of Investigation.mp4
    03:27
  • 9 - IDS log investigation.mp4
    01:23
  • 10 - Realworld Cyber Security Incident.mp4
    01:20
  • 11 - IDS-Log-for-sharing-copy.xlsx
  • 11 - Lab exercise IDS log analysis.html
  • 12 - Lab exercise Investigation tips.mp4
    01:10
  • 13 - IDS Log Investigation guide part 1.mp4
    04:37
  • 14 - IDS Log Investigation guide part 2.mp4
    10:16
  • 15 - Warpup IDS Log Investigation.html
  • 16 - Web Application Server Incident Response.mp4
    01:27
  • 17 - Lab exercise Web log analysis.html
  • 18 - Lab exercise Investigation tips.mp4
    01:10
  • ex140404.zip
  • ex140405.zip
  • ex140406.zip
  • 19 - Web Log Investigation guide Demo of web hacking.mp4
    05:12
  • 20 - Web Log Investigation guide part 1.mp4
    09:42
  • 21 - Web Log Investigation guide part 2.mp4
    12:32
  • 22 - Wrapup Web Log Investigation.html
  • 23 - Network Forensic.mp4
    01:16
  • 24 - Lab exercise network forensic.html
  • 24 - finaltestpacket.zip
  • 25 - Network forensic Investigation guide.mp4
    04:20
  • 26 - Wrapup network forensic.html
  • 27 - Realworld Incident Response Case Study.mp4
    05:15


    Volume 1 - Incident Response with Logs

    What You'll Learn?


    • Strong analytical and problem-solving skills
    • Monitor and analyze the output from network and endpoint devices
    • Knowledge of log formats and the ability to aggregate and parse system and application log data for investigation purposes
    • Perform root cause analysis (RCA) for incidents and update the knowledge management
    • Respond to cyber security incidents through remediation efforts

    Who is this for?


  • Security incident responders who want to learn about security incidents caused by mistakes that server administrators easily make, and to think about preventative measures.
  • Security team analysts who need to find and investigate the attack vectors on a system in the event of a security incident.
  • Security and development teams who struggle with recurring security incidents even though the system is continuously reinstalled.


    Description

    A security analyst performs incident response (IR) when a breach occurs in a company or organization. A cyber security incident is defined in various ways. For incidents in information-asset systems, companies generally mean that a system or application operates abnormally, or that an unintended phenomenon is caused by an outsider. Through cyber security incident response, the extent of system damage and the cause of the incident are analyzed and, where a crime is involved, the information necessary to prove criminal activity is collected as evidence. Industrial espionage, in which an internal employee steals confidential documents or key drawings for a competitor or an overseas party, falls into the legal forensics area required for legal disputes.

    This course covers investigation tips and guides for level 2 analysts. Usually we use a variety of tools to identify threats from security logs such as web application logs, IDS alerts and network packets. In this lab you will get practical exercises in finding the cause of a problem with three types of logs. All logs are reflected from real-world incidents.

    The IDS logs have had unnecessary columns filtered out for your exercise. They provide Date Time, Tag Name, Source IP, Source Port, Destination IP and Destination Port.

    The web logs are in Microsoft Internet Information Services (IIS) format, with unnecessary rows filtered out for your exercise. You will use two different log analysis tools: Log Parser and Splunk.

    The network packet logs were generated from an attack scenario reproduced in the lab environment and captured from the network traffic there.

    The course does not cover the legal forensics domain. We will look at the basic knowledge and tools needed to work as a level 2 analyst, and learn how to use analysis tools through hands-on practice. We will also review, from a practical point of view, the intrusion analysis methods required for intrusion response and analysis work in a company. The basic task of a security analyst is to respond to security threats based on an understanding of network communication and applications: analyzing the threat logs generated by various security devices to find attackers who are trying to break in, and directly changing the settings of security devices to prevent attacks.

    I started my career as a level 1 analyst at a Security Operation Center (SOC) in S. Korea, and I have been continuing my career as an IT security expert. I have carried out security-related projects for various corporate clients and public institutions. I have worked in the security divisions of global companies such as IBM and Cisco. Through my professional experience with domain and industry specialization, with knowledge of security architectures and customer stories, I will give you various cyber incident response exercises through this series of courses.

    • Security consultation: advise on optimization, configuration and expansion of the security technology
    • Security Project PL&PM: develop SOC processes and review SOC application to ensure that the SOC's controls, policies, and procedures are operating effectively, managing service quality based on a Service Level Agreement (SLA)
    • Develop new products: NG-MSS (Next-Generation Managed Security Services), Risk Manage (RM)
    • Security Analyst at a Computer Emergency Response Team: system forensics, network forensics, log analysis, and malware analysis
    • Cyber incident response in multiple sectors: Government – Intranet Hacking / Enterprise companies – Data Leak / Television Networks – DarkSeoul campaign, destroying television network systems.
    • Language: English
    • Training sessions: 19
    • Duration: 1:13:19
    • Release date: 2023/05/13