• Online, Instructor-Led
  • Classroom

This intermediate-level course teaches students how to use threat-hunting hypotheses generated
from contextual data or threat intelligence feeds to write Python scripts that interact with various data
sources and perform data analytics to determine the validity of those hypotheses. Techniques include
the use of advanced data structures, active data gathering using SCAPY and other tools, scripting
database or SIEM queries, and more. Successful students will gain the ability to script or automate
custom threat hunting tasks

Learning Objectives

Successful completion of this course will enable students to:

  • Test cyberthreat hunting hypotheses by creating Python scripts that perform data gathering and analytics
  • Use advanced data structures to store, search, and manipulate data
  • Write Python code to interact with a variety of systems such as SIEM platforms and endpoints, as well as static data sources such as log files and traffic captures
  • Improve the speed and effectiveness of cyberthreat hunting activities through scripting and automation

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.