Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
Course Description
Overview
The Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR) training builds your Digital Forensics and Incident Response (DFIR) and cybersecurity knowledge and skills. This training prepares you to identify and respond to cybersecurity threats, vulnerabilities, and incidents. Additionally, you will be introduced to digital forensics, including the collection and examination of digital evidence on electronic devices, and learn to build the subsequent response to threats and attacks. Students will also learn to proactively conduct audits to prevent future attacks. This training also prepares you to take the 300-215 CBRFIR exam.
Objectives
- Develop an understanding of various cybersecurity threats and vulnerabilities
- Establish a framework for proactively responding to cybersecurity threats and vulnerabilities
- Analyze the components needed for a root cause analysis report
- Apply tools such as YARA for malware identification
- Recognize the methods identified in the MITRE ATT&CK framework
- Leverage scripting to parse and search logs or multiple data sources such as Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, AMP for Network, and pxGrid
- Recommend actions based on post-incident analysis
- Determine data to correlate based on incident type (host-based and network-based activities)
- Evaluate alerts from sources such as firewalls, Intrusion Prevention Systems (IPS), data analysis tools (such as Cisco Umbrella Investigate, Cisco Stealthwatch, and Cisco SecureX), and other systems to respond to cyber incidents and recommend mitigation
- Evaluate elements required in an incident response playbook and the relevant components from the ThreatGrid report
- Analyze threat intelligence provided in different formats (such as STIX and TAXII)
Audience
- SOC analysts, Tiers 1–2
- Threat researchers
- Malware analysts
- Forensic analysts
- Computer Telephony Integration (CTI) analysts
- Incident response analysts
- Security operations center engineers
- Security engineers
Prerequisites
Before taking this course, you should have:
- Familiarity with network and endpoint security concepts and monitoring
- Experience with network intrusion analysis
- An understanding of security policies and procedures
- Experience with risk management
- Experience with traffic and logs analysis
- Familiarity with APIs
- 2–3 years’ experience working in a security operations center (SOC) environment (experienced Tier 1, or new Tier 2)
- Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Performing CyberOps Using Cisco Security Technologies (CBRCOR)
- Splunk Fundamentals 1
Topics
- Introduction to Incident Response
- Preparing for Incident Response
- Gathering and Examining Digital Intelligence
- Describing Detection, Analysis, and Investigation Forensics
Related Courses
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS), CSC-CBROPS
- Duration: 5 Days
- Delivery Format: Classroom Training, Online Training
- Price: 4,295.00 USD
Performing CyberOps Using Cisco Security Technologies (CBRCOR), CSC-CBRCOR
- Duration: 5 Days
- Delivery Format: Classroom Training, Online Training
- Price: 4,000.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.
Self-Paced Training Terms & Conditions
ONCE YOU ARE ENROLLED IN THIS COURSE YOU WILL NOT BE ABLE TO CANCEL YOUR ENROLLMENT. You are billed for the course when you submit the enrollment form. Self-Paced Virtual Classes are non-refundable. Once you purchase a Self-Paced Virtual Class, you will be charged the full price.
This is a Cisco Self-Paced virtual class; it is intended for students who do not need the support of a classroom instructor. If you feel you would better benefit from having access to a Subject Matter Expert, please check to see if an Instructor-Led version is available.
- Students will receive an access code within 1-3 business days.
- If purchasing a self-paced course for multiple students, the purchaser will receive the access codes and must distribute them individually to the students.
- Students have access to the course 24/7 and will need to read and follow all instructions carefully to complete the course successfully within their allotted time.
Q: How long do I have access to the course and the Labs within the course?
A: Labs are available for the length of your course subscription.
Q: Can I reset the course and start over?
A: No.
Q: Is there a time limit for the Trial (Demo)?
A: There is no expiration on registration to the trial versions. Access is capped not in time, but by the fact that only a select number of sections are unlocked within the content.