CyberOps Professional (CBRCOR 350-201)

● Instructor-led Classroom Training
● Instructor-led Online / hybrid training

Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0

Course details

Objectives

● Describing the types of service coverage within a SOC and operational responsibilities associated with each.
● Comparing security operations considerations of cloud platforms.
● Describing the general methodologies of SOC platforms development, management, and automation.
● Explaining asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
● Describing Zero Trust and associated approaches, as part of asset controls and protections.
● Performing incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC.
● Using different types of core security technology platforms for security monitoring, investigation, and response.
● Describing the DevOps and SecDevOps processes.
● Explaining the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
● Describing API authentication mechanisms.
● Analyzing the approach and strategies of threat detection, during monitoring, investigation, and response.
● Determining known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
● Interpreting the sequence of events during an attack based on analysis of traffic patterns.
● Describing the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
● Analyzing anomalous user and entity behavior (UEBA).
● Performing proactive threat hunting following best practices.

Outline
● Understanding Risk Management and SOC Operations
● Understanding Analytical Processes and Playbooks
● Investigating Packet Captures, Logs, and Traffic Analysis
● Investigating Endpoint and Appliance Logs
● Understanding Cloud Service Model Security Responsibilities
● Understanding Enterprise Environment Assets
● Implementing Threat Tuning
● Threat Research and Threat Intelligence Practices
● Understanding APIs
● Understanding SOC Development and Deployment Models
● Performing Security Analytics and Reports in a SOC
● Malware Forensics Basics
● Threat Hunting Basics
● Performing Incident Investigation and Response

Lab outline
● Exploring Cisco SecureX Orchestration
● Exploring Splunk Phantom Playbooks
● Examining Cisco Firepower Packet Captures and PCAP Analysis
● Validating an Attack and Determining the Incident Response
● Submitting a Malicious File to Cisco Threat Grid for Analysis
● Endpoint-Based Attack Scenario Referencing MITRE ATT&CK
● Evaluating Assets in a Typical Enterprise Environment
● Exploring Cisco Firepower NGFW Access Control Policy and Snort Rules
● Investigating IOCs from Cisco Talos Blog Using Cisco SecureX
● Exploring the ThreatConnect Threat Intelligence Platform
● Tracking the TTPs of a Successful Attack Using a TIP
● Querying Cisco Umbrella Using Postman API Client
● Fixing a Python API Script
● Creating Basic Bash Scripts
● Reverse Engineering Malware
● Performing Threat Hunting
● Conducting an Incident Response

Who should enroll
Although there are no mandatory prerequisites, the course is particularly suited for the following audiences:
● Cybersecurity engineer
● Cybersecurity investigator
● Incident manager
● Incident responder
● Network engineer
● SOC analysts currently functioning at entry level with a minimum of 1 year of experience

Event Properties

Event Date 13-05-2024
Event End Date 17-05-2024
Individual Price 3.350,00€ (excl. VAT)
Training Location IPnetON GmbH, Berlin / Onsite
Exam Pearson Vue Exam 350-201
Exam Price 380,-€ (excl. VAT), plus processing fee 20,-€