Security Event Triage

In this section, you will be introduced to the concepts associated with security event triage. Then, you will cover how these concepts fit into the security operations life cycle of an organization, and what tools and methods are used to implement these capabilities. Finally, you will learn the common skills used for network and endpoint analysis to detect known attacks. All skills learned in this path map to the NIST Cyber Security Workforce Framework Cyber Defense Analysis role and attack detections of Mitre ATT&CK techniques. Learn to leverage standard security analysis signature and event-based technologies to identify a wide variety of common attack techniques and reveal hints of more advanced activity waiting to be discovered.

In this section you will learn to monitor information beyond the network and endpoints. You you will apply machine assisted statistical analysis across all security data event sources to establish environmental baselines and discover associated behavioral anomalies to identify advanced and emerging attacker techniques. You will focus on understanding the difference between potentially malicious activity and standard environment events across network, machine, application and endpoint OS data sources. All the while beginning to connect the indicators of compromise to the known threat actor behaviors.

In this section, you will apply advanced thought processes to unique problem sets, including hardware supply chain interdiction. Then, you will prioritize and aggregate the data into a SIEM to perform cross data and alert source correlation, ensuring you are only focused on the most dangerous and highest likelihood events. Finally, having tracked down the full chain of compromise for both the common and advanced threat actors you will learn to utilize workflow management system to aggregate triage information and elevate the case.