FOR608: Enterprise-Class Incident Response & Threat Hunting
- Understand when incident response requires in-depth host interrogation or light-weight mass collection.
- Deploy collaboration and analysis platforms that allow teams to work across rooms, states, or countries simultaneously.
- Correlate and analyze data across multiple data types and machines using a myriad of analysis techniques.
- Develop IOC signatures and analytics to expand searching capabilities and enable rapid detection of similar incidents in the future.
- Track incidents and indicators from beginning to end using built-for-purpose incident response engagement tooling.
Overview
Off the shelf (OTS)
FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. Using example tools built to operate at enterprise-class scale, students learn techniques for collecting focused data for incident response and threat hunting. They then dig into analysis methodologies, learning multiple approaches to understanding attacker movement and activity across hosts of varying functions and operating systems.
Delivery method
Face to face
Virtual
Digital
Course duration
42 hours
Competency level
Working

