Implementing Cisco Cybersecurity Operations - SECOPS
Overview
Implementing Cisco Cybersecurity Operations (SECOPS) course allows learners to understand how a Security Operations Center (SOC) functions and the introductory-level skills and knowledge needed in this environment. It focuses on the introductory-level skills needed for a SOC Analyst at the associate level. Specifically, understanding basic threat analysis, event correlation, identifying malicious activity, and how to use a playbook for incident response.
Prerequisites:
Completion of Cisco Cybersecurity Fundamentals (SECFND)
Target Audience:
- Security Operations Center Security Analyst
- Computer Network Defense Analyst
- Computer Network Defense Infrastructure Support personnel
- Future Incident Responders and Security Operations Center (SOC) personnel
- Students beginning a career and entering the cybersecurity field
- IT personnel looking to learn more about the area of cybersecurity operations
- Cisco Channel Partners
Course Objectives:
After completion of this course, students will be able to…
- Define a SOC and the various job roles in a SOC
- Understand SOC infrastructure tools and systems
- Learn basic incident analysis for a threat-centric SOC
- Explore resources available to assist with an investigation
- Explain basic event correlation and normalization
- Describe common attack vectors
- Learn how to identify malicious activity
- Understand the concept of a playbook
- Describe and explain an incident respond handbook
- Define types of SOC Metrics
- Understand SOC Workflow Management system and automation
Course Outline:
Module 1: SOC Overview
- Lesson 1: Defining the Security Operations Center
- Lesson 2: Understanding NSM Tools and Data
- Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
- Lesson 4: Identifying Resources for Hunting Cyber Threats
Module 2: Security Incident Investigations
- Lesson 1: Understanding Event Correlation and Normalization
- Lesson 2: Identifying Common Attack Vectors
- Lesson 3: Identifying Malicious Activity
- Lesson 4: Identifying Patterns of Suspicious Behavior
- Lesson 5: Conducting Security Incident Investigations
Module 3: SOC Operations
- Lesson 1: Describing the SOC Playbook
- Lesson 2: Understanding the SOC Metrics
- Lesson 3: Understanding the SOC WMS and Automation
- Lesson 4: Describing the Incident Response Plan
- Lesson 5: Appendix A Describing the Computer Security Incident Response Team
- Lesson 6: Appendix B Understanding the use of VERIS
Labs:
- Guided Lab 1: Explore Network Security Monitoring Tools
- Discovery 1: Investigate Hacker Methodology
- Discovery 2: Hunt Malicious Traffic
- Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
- Discovery 4: Investigate Browser-Based Attacks
- Discovery 5: Analyze Suspicious DNS Activity
- Discovery 6: Investigate Suspicious Activity Using Security Onion
- Discovery 7: Investigate Advanced Persistent Threats
- Discovery 8: Explore SOC Playbooks