CBRCOR — Performing CyberOps Using Cisco Security Technologies
Course Objectives
After taking this course, you should be able to:
Describe the types of service coverage within a SOC and operational responsibilities associated with each.
Compare security operations considerations of cloud platforms.
Describe the general methodologies of SOC platforms development, management, and automation.
Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
Describe Zero Trust and associated approaches, as part of asset controls and protections.
Perform incident investigations using Security Information and Event Management (SIEM) and/or Security Orchestration, Automation, and Response (SOAR) in the SOC.
Use different types of core security technology platforms for security monitoring, investigation, and response.
Describe the DevOps and SecDevOps processes.
Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
Describe API authentication mechanisms.
Analyze the approach and strategies of threat detection, during monitoring, investigation, and response.
Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
Interpret the sequence of events during an attack based on analysis of traffic patterns.
Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
Analyze anomalous user and entity behavior (UEBA).
Perform proactive threat hunting following best practices.
Course Prerequisites
Although there are no mandatory prerequisites, to fully benefit from this course, you should have the following knowledge:
Familiarity with UNIX/Linux shells (bash, csh) and shell commands
Familiarity with the Splunk search and navigation functions
Basic understanding of scripting using one or more of Python, JavaScript, PHP or similar.
Recommended Cisco offerings that may help you prepare for this course:
Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
Implementing and Administering Cisco Solutions (CCNA)
Recommended third-party resources:
Splunk Fundamentals 1
Blue Team Handbook: Incident Response Edition by Don Murdoch
Threat Modeling: Designing for Security by Adam Shostack
Red Team Field Manual by Ben Clark
Blue Team Field Manual by Alan J White
Purple Team Field Manual by Tim Bryant
Applied Network Security Monitoring by Chris Sanders and Jason Smith
Course Outline
Enterprise Network Assurance Overview
Introduction to Cisco Catalyst Center Assurance
Introduction to Cisco AppDynamics
Introduction to Cisco Catalyst SD-WAN Assurance
Introduction to Cisco ThousandEyes
Enterprise Agents Deployment
BGP, Network, DNS, and Voice Tests Configuration
Web Tests Configuration
Endpoint Agent
System Administration
Network Troubleshooting with Cisco ThousandEyes
Internet Insights
Alerts and Dashboards Configuration
Monitoring Solutions
Cisco Meraki Network Assurance
Cisco Meraki Insights
Lab Outline
Troubleshoot the Health of Network Devices
Explore Cisco Catalyst SD-WAN Analytics
Schedule a Test
Deploy Enterprise Agent
Configure Network, DNS, and Voice Tests
Configure Web Tests
Deploy and Configure an Endpoint Agent
Configure Account Administration
Examine Internet Insights
Configure Alerts
Build a Dashboard
Implementing Network Assurance with Cisco Meraki
Examine Cisco Meraki Insight