• Online, Instructor-Led
  • Online, Self-Paced

This module covers the basics of cyber threat hunting in a secure operations center. Students will learn the mindset of the adversary and methods to identify new and emerging cyber threats in an organizational environment. Topics include log analysis, event correlation, open-source threat intelligence, use of AI in  threat identification, honeypots, and threat sharing. Students will practice new skills in a simulated threat environment.

Learning Objectives

Understand the adversarial mindset, characteristics of the adversary and common cyber-attacks, Understand the role of the MITRE Att@ck Framework in understanding stages of a cyber-attack, Analyze and correlate logs from multiple sources, Collect and analyze open source intelligence, Perform basic cyber threat hunting

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Collection Operations
  • Cyber Defense Analysis
  • Cyber Investigation
  • Risk Management
  • Training, Education, and Awareness

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.