Event Monitoring and Incident Detection from CDW

Event Monitoring and Incident Detection

Event Monitoring and Incident Detection, part of our Incident Response series, will help students develop the professional competencies to detect intrusions, determine the nature of security events, and initiate critical first response for security incidents. It will also help to build important technical skills through several labs, tabletop exercises, and case-study based activities.

The goals of this 3-day course are to examine the Incident Response Life Cycle, determine the existence of security events, and implement the Computer Security Incident Response Team (CSIRT) Services Framework, to contain, eradicate, and remediate threats. This course is for anyone interested in learning about the initial phases of Cyber Incident Response handling. This course will also help the learner understand how to approach security incidents while working in an organization.

Course Overview

Overall Proficiency Level

1 - Basic

Course Prerequisites

Basic understanding of operating system internals
Familiarity with the general use of Windows systems
Basic understanding of TCP/IP networking

Related Courses:

OS-100 Understanding Operating Systems
IR-120 Incident Analysis
IR-210 Incident Response Planning and Management (coming soon)
IR-220 Analysis, Containment, and Recovery (coming soon)

Training Purpose

Management Development

Skill Development

Specific Audience

All

Delivery Method

Classroom

Online, Instructor-Led

Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

Course Location Map

Your Location
Providers
Courses
Course and Provider Quantity

Classroom
Online, Instructor-Led

Learning Objectives

Describe the requirements for technical and functional preparation for Incident Response
Identify attack surfaces to be covered by an Incident Response Plan
Compare tools and processes used to monitor cyber activities
Construct a baseline of “normal” cyber traffic
Interpret data and logs of activity
Examine network traffic for evidence of anomalies
Collect evidence of anomalous activity
Explain the purposes of triage in incident response
Apply the MITRE ATT&CK matrix to anomalous activity observed
Construct security event timelines
Determine if incident escalation is appropriate
Report actionable data in a timely, clear, concise, and accurate manner
Apply playbooks in the incident response process

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.