Security Event Triage: Detecting System Anomalies

In this course on system anomaly detection, you will explore the use of CPU, RAM, GPU, fans, and power resource usage data to reveal various advanced attacker techniques and uncover events associated with hardware supply chain interdiction.

Advanced
1h 47m
(22)

Created by Aaron Rosenmund

Last Updated Jul 31, 2025

This course is included in the libraries shown below:

  • Security

What you'll learn

Developing the skills necessary for a security analyst to properly detect and triage advanced attacker intrusion tactics and techniques requires experience and the use of advanced detection capabilities, neither of which is easily obtained. In this course, Security Event Triage: Detecting System Anomalies, you will learn the foundational knowledge required to baseline different machine performance data and triage deviations from that baseline that can indicate a stealthy adversary’s presence in your environment when all other methods have failed. First, you will learn about CPU, RAM, and hard drive metric data and how it can be used to detect anything from botnets to the use of hard drives as microphones for side-channel espionage. Next, you will discover the techniques used for “in-browser” crypto-jacking or malware-delivered crypto mining activity by monitoring browser activity and GPU usage that stands out from the established baseline for normal applications. Finally, you will look at fan speeds and power usage to identify air-gapped network hopping techniques and hardware supply chain compromise. When you are finished with this course, you will have the skills and knowledge of not only how a multitude of advanced attacker techniques are performed, but also what they look like in a realistic environment and how to identify them as part of your security analyst operations.

About the author
Aaron Rosenmund
45 courses 4.4 author rating 986 ratings

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation.
