• Online, Instructor-Led
  • Classroom

This intermediate-level course teaches students how to use threat-hunting hypotheses generated
from contextual data or threat intelligence feeds to write Python scripts that interact with various data
sources and perform data analytics to determine the validity of those hypotheses. Techniques include
the use of advanced data structures, active data gathering using SCAPY and other tools, scripting
database or SIEM queries, and more. Successful students will gain the ability to script or automate
custom threat hunting tasks

Learning Objectives

Successful completion of this course will enable students to:

  • Test cyberthreat hunting hypotheses by creating Python scripts that perform data gathering and analytics
  • Use advanced data structures to store, search, and manipulate data
  • Write Python code to interact with a variety of systems such as SIEM platforms and endpoints, as well as static data sources such as log files and traffic captures
  • Improve the speed and effectiveness of cyberthreat hunting activities through scripting and automation

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Collection Operations
  • Cyber Defense Analysis
  • Cyber Operations

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.