FOR608: Enterprise-Class Incident Response and Threat Hunting
- Understand when incident response requires in-depth host interrogation or lightweight mass collection, and discuss best practices for responding to incidents on the Azure, M365 and AWS cloud platforms
- Collect host- and cloud-based forensic data from large environments
- Correlate and analyse data across multiple data types and machines using a myriad of analysis techniques
- Develop IOC signatures and analytics to expand searching capabilities and enable rapid detection of similar incidents in the future
- Track incidents and indicators from beginning to end using built-for-purpose incident response engagement tooling
Overview
Off the shelf (OTS)
FOR608: Enterprise-Class Incident Response and Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. Using example tools built to operate at enterprise-class scale, students learn the techniques to collect focused data for incident response and threat hunting. They then dig into analysis methodologies, learning multiple approaches and an array of analysis techniques for understanding attacker movement and activity across hosts of varying functions and operating systems.
Delivery method
Face to face
Virtual
Digital
Course duration
48 hours
Competency level
Expert