مدت دوره: 70 ساعت
عنوان دوره: مرکز عملیات امنیت
SOC Overview
What is a SOC? What is the mission?
Why are we being attacked?
Modern defense mindset
The challenges of SOC work
The people, process, and technology of a SOC
Aligning the SOC with your organization
SOC functional component overview
Tiered vs. tierless SOCs
Important operational documents
Defensible Network Concepts
Understanding what it takes to be defensible
Network security monitoring (NSM) concepts
NSM event collection
NSM by network layer
Continuous security monitoring (CSM) concepts
CSM event collection
Monitoring sources overview
Data centralization
Events, Alerts, Anomalies, and Incidents
Event collection
Event log flow
Alert collection
Alert triage and log flow
Signatures vs. anomalies
Alert triage workflow and incident creation
Incident Management Systems
SOC data organization tools
Incident management systems options and features
Data flow in incident management systems
Case creation, alerts, observables, playbooks, and workflow
Case and alert naming convention
Incident categorization framework
Threat Intelligence Platforms
What is cyber threat intelligence?
Threat data vs. information vs. intelligence
Threat intel platform options, features, and workflow
Event creation, attributes, correlation, and sharing
SIEM
Benefits of data centralization
SIEM options and features
SIEM searching, visualizations, and dashboards
Use cases and use case databases
Network Protocols and Analytics
Network Access/Link Layer: Layer 2
Address resolution protocol
ARP spoofing
IP Layer: Layer 3
Examination of fields in theory and practice
Checksums and their importance, especially for an IDS/IPS
Fragmentation: IP header fields involved in fragmentation, composition of the fragments, fragmentation attacks
TCP
Packet dissection
Checksums
Normal and abnormal TCP stimulus and response
UDP
Examination of fields in theory and practice
UDP stimulus and response
ICMP
Examination of fields in theory and practice
Normal ICMP
Malicious ICMP
Scapy
Packet crafting and analysis using Scapy
Writing a packet(s) to the network or a pcap file
Reading a packet(s) from the network or from a pcap file
Practical Scapy uses for network analysis and network defenders
DNS
DNS architecture and function
Malicious DNS, including cache poisoning
Microsoft Protocols
SMB/CIFS
MSRPC
Modern HTTP and TLS
Protocol format
Why and how this protocol is evolving
SMTP
Protocol format
STARTTLS
Sample of attacks
IDS/IPS
Identifying Traffic of Interest
Network Architecture
Instrumenting the network for traffic collection
IDS/IPS deployment strategies
Hardware to capture traffic
Introduction to IDS/IPS Analysis
Function of an IDS
Flow process for Snort and Bro
Similarities and differences between Snort and Bro
Snort
Introduction to Snort
Running Snort
Writing Snort rules
Tips for writing efficient rules
Zeek
Introduction to Zeek
Zeek Operational modes
Zeek output logs and how to use them
Practical threat analysis
Zeek scripting
Endpoint Analytics
Endpoint Defense In-Depth
Network scanning and software inventory
Vulnerability scanning and patching
Anti-exploitation
Whitelisting
Host intrusion prevention and detection systems
Host firewalls
File integrity monitoring
Privileged access workstations
Windows privileges and permissions
Endpoint detection and response tools (EDR)
File and drive encryption
Data loss prevention
User and entity behavior analytics (UEBA)
How Windows Logging Works
Channels, event IDs, and sources
XML format and event templates
Log collection path
Channels of interest for tactical data collection
How Linux Logging Works
Syslog log format
Syslog daemons
Syslog network protocol
Log collection path
Systemd journal
Additional command line auditing options
Application logging
Service vs. system logs
Interpreting Important Events
Windows and Linux login events
Process creation logs for Windows and Linux
Additional activity monitoring
Firewall events
Object and file auditing
Service creation and operation logging
New scheduled tasks
USB events
User creation and modification
Windows Defender events
PowerShell logging
Kerberos and Active Directory Events
Authentication and the ticket-granting service
Kerberos authentication steps
Kerberos log events in detail
Log Collection, Parsing, and Normalization
Logging pipeline and collection methods
Windows vs. Linux log agent collection options
Parsing unstructured vs. structured logs
SIEM-centric formats
Efficient searching in your SIEM
The role of parsing and log enrichment
Log normalization and categorization
Log storage and retention lifecycle
Files Contents and Identification
File contents at the byte level
How to identify a file by the bytes
Magic bytes
Nested files
Strings – uses, encoding options, and viewing
Identifying and Handling Suspicious Files
Safely handling suspicious files
Dangerous files types
Exploits vs. program “features”
Exploits vs. Payloads
Executables, scripts, office docs, RTFs, PDFs, and miscellaneous exploits
Hashing and signature verification
Signature inspection and safety of verified files
Inspection methods, detecting malicious scripts and other files
Threat Detection with Splunk
Splunk Overview
Splunk and Machine Data
Splunk Use Cases
Splunk Deployment (Single Instance and Distributed)
Getting Data In Splunk
Indexing Data With Splunk
Search Processing Language (SPL)
Types of SPL commands
Splunk search optimization
Filter commands
Report commands
Group commands
Field commands
Correlation commands
Basic Security Usecases
Brute Force Detection
Network Scan Detection
Baselining With Splunk
Advanced Security Use Cases
Lookup with Splunk
Regular Expression
Detecting DNS Based Threats
Malware Beaconing Detection
Malicious SSL Connections Detection
Detecting Malicious Windows Tools
Detecting Windows Lateral Movement
Situational Awareness
درخواست مشاوره
برای کسب اطلاعات بیشتر درباره این دوره درخواست مشاوره خود را ارسال کنید و یا با ما در تماس باشید.
درخواست مشاورهدوره های مرتبط
دوره جامع آموزش دیجیتال مارکتینگ
دوره جامع آموزش دیجیتال مارکتینگ به آموزش تکنیکها و استراتژیهای مختلفی میپردازد که به کسبوکارها کمک میکند تا در فضای آنلاین به موفقیت برسند. این دوره شامل مباحث مختلفی از جمله سئو، SEM، شبکههای اجتماعی، ایمیل مارکتینگ، تولید محتوا و آنالیز دادهها است.
سمینار ISO 27001 Internal Audit
شرح سمینار ISO 27001 Internal Audit
سمینار ISO 27001 Internal Audit مدیریت امنیت اطلاعات در گزینش و استخدام کارکنان
مزایای سمینار
- ارائه مدرک معتبر
- برگزاری دورهها بصورت کاملا عملی
- استفاده از لابراتور مجهز
- استفاده از برترین اساتید داخلی و با مدرک بینالمللی
- با توجه به حضور گروه دوران در بیش از 1000 پروژه سازمانی، امکان معرفی دانشجویان دوره به بازار کار مرتبط به دورهها
- تخفیف جهت حضور در دورههای بعدی
- دريافت مدرک بينالمللی مرتبط
سمینار مدیریت امنیت اطلاعات در گزینش و استخدام کارکنان
شرح سمینار
سمینار مدیریت امنیت اطلاعات در گزینش و استخدام کارکنان
مزایای سمینار
- ارائه مدرک معتبر
- برگزاری دوره ها بصورت کاملا عملی
- استفاده از لابراتور مجهز
- استفاده از برترین اساتید داخلی و با مدرک بینالمللی
- با توجه به حضور گروه دوران در بیش از 1000 پروژه سازمانی، امکان معرفی دانشجویان دوره به بازار کار مرتبط به دورهها
- تخفیف جهت حضور در دورههای بعدی
- دريافت مدرک بينالمللی مرتبط
سمینار SCNS Security Certified Network Specialist
شرح سمینار
اولین مدرک امنیتی SCP، سمینار SCNS Security Certified Network Specialist است که پیش نیاز دوره های SCNP و SCNA میباشد. در سمینار SCNS Security Certified Network Specialist، شما با تکنولوژیهای دفاعی سر و کار دارید که پایه و اساس امنیت شبکه هستند مانند طراحی سیستم شناسایی نفوذ، طراحی و پیکربندی فایروالها، پیکربندی VPN و امنیت روترها. این دوره برای ارائه مهارت های اولیه مورد نیاز متخصصان امنیتی طراحی شده است.
نظرات
تماس با ما