Operationalizing Cyber Threat Intel: Pivoting & Hunting

The prevalence of Cyber Threat Intelligence (CTI) continues to grow within the incident response industry. This course teaches you how to extract, ingest, pivot on, and hunt for indicators from CTI to help you find what your security tools can't.
Course info
Rating
(10)
Level
Intermediate
Updated
Oct 22, 2018
Duration
2h 35m
Table of contents
Description
Course info
Rating
(10)
Level
Intermediate
Updated
Oct 22, 2018
Duration
2h 35m
Description

Cyber Threat Intelligence (CTI) is all around us. You can generate intel yourself, pull indicators from a feed, subscribe to a commercial service, or simply extract intel from social media. However, what do you do with the intel once you obtain it? Many companies simply block atomic indicators within their firewalls and move on with life, but there's so much more to it than that! In this course, Operationalizing Cyber Threat Intel: Pivoting & Hunting, you'll explore how to ingest CTI properly. First, you'll learn to make the most of intel articles by extracting all the indicators they provide, even those that aren't obvious. Next, you'll discover how to pivot on your extracted indicators to provide a more holistic view of the threat. Finally, you'll touch on some techniques you can use to hunt for indicators within your network. After taking this course, you'll be better equipped to help protect your organization from threats by reviewing CTI sources and ingesting the information using a skilled, dynamic analysis method.

About the author
About the author

Ryan is a certified incident response analyst and reverse engineer who also wears the hats of forensic analyst and developer. He enjoys speaking at conferences and performing stand-up comedy. Ryan spent six years as a technical trainer, and he is passionate about life-long learning.

More from the author
Hands-On Incident Response Fundamentals
Beginner
3h 23m
Jan 20, 2017
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi folks, my name is Ryan Chapman, and welcome to my course Operationalizing Cyber Threat intel: Pivoting and Hunting. I an incident response analyst, malware reverse engineer, and digital forensics investigator. Like the yin and yang of our world, cyber security would not function without both the blue and the red force. I attempt to embody the blue side in all things that I do, and when serving as an incident commander, I'm prepared to take on any challenge that that may entail. Operationalizing cyber threat intelligence, or CTI, is a critical part of what we incident responders do that helps distinguish the mature organizations from, well, the rest of the bunch. In this course, we are going to delve into the world of CTI, pushing the envelope of processing of intel to assure that you, the learner, are equipped with the skills you need to become a solid intel analyst. Some of the major topics that we will cover include verifying CTI indicators, pivoting through intel to amass a more holistic picture of a given threat, hunting for malicious indicators within your environment, and utilizing a threat intelligence platform. By the end of this course, you'll be able to ingest CTI, extract all possible indicators, use intelligence tools to augment your indicator set, and identify if your network is home to any of the malicious indicators identified. Before beginning the course, you should be familiar with basic computer networking and have experience with incident response. If you can field alerts within a security incident and event management or SIM platform, you're ready to dive into the world of CTI. I hope you'll tag along and allow me to guide you through this Operationalizing Cyber Threat intelligence: Pivoting and Hunting course here at Pluralsight.