Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps

- Security Operations Center staff 
- SOC Tier 2 Analysts 
- Threat Hunters 
- Cyber Threat Analysts 
- Threat Managers
- Risk Managements

By the end of this course, you should be able to:

• Define threat hunting and identify core concepts used to conduct threat hunting investigations
• Examine threat hunting investigation concepts, frameworks, and threat models
• Define cyber threat hunting process fundamentals
• Define threat hunting methodologies and procedures
• Describe network-based threat hunting
• Identify and review endpoint-based threat hunting
• Identify and review endpoint memory-based threats and develop endpoint-based threat detection
• Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
• Describe the process of threat hunting from a practical perspective
• Describe the process of threat hunt reporting

Outline

• Threat Hunting Theory
• Threat Hunting Concepts, Frameworks, and Threat Models
• Threat Hunting Process Fundamentals
• Threat Hunting Methodologies and Procedures
• Network-Based Threat Hunting
• Endpoint-Based Threat Hunting
• Endpoint-Based Threat Detection Development
• Threat Hunting with Cisco Tools
• Threat Hunting Investigation Summary: A Practical Approach
• Aftermath of a Threat Hunt

Lab Outline

• Categorize Threats with MITRE ATTACK Tactics and Techniques
• Compare Techniques Used by Different APTs with MITRE ATTACK Navigator
• Model Threats Using MITRE ATTACK and D3FEND
• Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain
• Determine the Priority Level of Attacks Using MITRE CAPEC
• Explore the TaHiTI Methodology
• Perform Threat Analysis Searches Using OSINT
• Attribute Threats to Adversary Groups and Software with MITRE ATTACK
• Emulate Adversaries with MITRE Caldera
• Find Evidence of Compromise Using Native Windows Tools
• Hunt for Suspicious Activities Using Open-Source Tools and SIEM
• Capturing of Network Traffic
• Extraction of IOC from Network Packets
• Usage of ELK Stack for Hunting Large Volumes of Network Data
• Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
• Endpoint Data Acquisition
• Inspect Endpoints with PowerShell
• Perform Memory Forensics with Velociraptor
• Detect Malicious Processes on Endpoints
• Identify Suspicious Files Using Threat Analysis
• Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
• Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
• Initiate, Conduct, and Conclude a Threat Hunt

There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are: General knowledge of networks and network security

Pré-requis recommandés :

• CCNA - Mettre en oeuvre et administrer des solutions réseaux Cisco
• CBROPS - Understanding Cisco Cybersecurity Operations Fundamentals
• CBRCOR - Performing CyberOps Using Cisco Security Technologies

• This training prepares you for the 300-220 CBRTHD v1.0 exam. If passed, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified Network Professional (CCNP) Cybersecurity certification.