Blue Team Fundamentals


- Intermediate
- Blue team track
- Course

About this course
Who is this course recommended for?
What prior knowledge do I need to attend this course?
Course outline

- Blue Team Tools and Operations
  - Introduction to the Blue Team Mission
  - SOC Overview
  - Defensible Network Concepts
  - Events, Alerts, Anomalies, and Incidents
  - Incident Management Systems
  - Threat Intelligence Platforms
  - SIEM
  - Automation and Orchestration
  - Who Are Your Enemies?
- Understanding Your Network
  - Corporate Network Architecture
  - Traffic Capture and Analysis
  - Understanding DNS
  - DNS Analysis and Attacks
  - Understanding HTTP and HTTPS
  - Analyzing HTTP for Suspicious Activity
  - How SMTP and Email Attacks Work
  - Additional Important Protocols
- Understanding Endpoints, Logs, and Files
  - Endpoint Attack Tactics
  - Endpoint Defense In-Depth
  - Network Scanning and Software Inventory
  - How Windows Logging Works
  - How Linux Logging Works
  - Interpreting Important Events
  - Log Collection, Parsing, and Normalization
  - File Contents and Identification
  - Identifying and Handling Suspicious Files
- Triage and Analysis
  - Alert Triage and Prioritization
  - Perception, Memory, and Investigation
  - Mental Models for Information Security
  - Structured Analysis Techniques
  - Analysis Questions and Tactics
  - Analysis OPSEC
  - Intrusion Discovery
  - Incident Closing and Quality Review
- Continuous Improvement, Analytics, and Automation
  - Improving Life in the SOC
  - Analytic Features and Enrichment
  - New Analytic Design, Testing, and Sharing
  - Tuning and False Positive Reduction
  - Automation and Orchestration
  - Improving Operational Efficiency and Workflow
  - Containing Identified Intrusions

Course certificate
