Advanced Log Analysis from University of Maryland Global Campus

Advanced Log Analysis

Course Desc: A lab-based, hands-on study of the tools and processes used to efficiently extract, arrange, analyze, and manage log files from a variety of applications, devices, and systems. The goal is to process and examine log files to identify tactics, techniques, and procedures used by an adversary as part of a cyberattack or incident. Topics include log analysis, log management, threat detection, auditing, cybersecurity artifacts, security incidents and intrusions, and security information and event management (SIEM) systems and tools.

Course Overview

Overall Proficiency Level

4 - Expert

Course Catalog Number

28225

Course Prerequisites

None

Training Purpose

Skill Development

Specific Audience

All

Delivery Method

Online, Instructor-Led

National CAE Designated Institution

Online, Instructor-Led

Learning Objectives

After completing this course, you should be able to:
Evaluate log management and analysis methodology to support a forensics investigation.
Organize information from large log files to isolate activity related to a cyber-attack.
Analyze log files, evidence, and other information to determine tactics, techniques and procedures and actors associated with a cyber-attack.
Mitigate gaps in an organization's cybersecurity logging strategy.
Evaluate security information and event management (SIEM) systems to support log analysis and auditing, policies and procedures, and centralized logging management.
Generate technical reports summarizing digital forensics and cyber investigation log analysis findings and recommendations.
Analyze information from log files with other forensic evidence including disk images, images of RAM, and other evidence included with a case.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Competency Areas

Cyber Resiliency

Work Roles

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.