Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
The first course provides a high-level overview of security fundamentals on the GDC platform.
Overview
Syllabus
- Overview
- Course overview
- GDC platform overview
- Module overview
- What is GDC
- GDC services
- GDC at Cymbal Federal
- The users of GDC
- The GDC operating model
- GDC architecture
- GDC security guarantees
- The Operations Center (OC)
- Module review
- Knowledge check
- The infrastructure operator SecOps roles in GDC
- Module overview
- The Security Operations Center (SOC)
- Defending the GDC platform
- Roles in the SOC
- Tier 1 and Tier 2 analysts in the SOC
- Tier 3 analysts in the SOC
- Security and the SOC
- SOC organization structure
- Interacting with external teams
- Module review
- Knowledge check
- SOC processes in Google Distributed Cloud (GDC) air-gapped
- Module overview
- Logs in the GDC SOC
- Manual and automated security processes
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation, and Response (SOAR)
- Endpoint Detection and Response (EDR)
- SIEM, EDR, and SOAR at Cymbal Federal
- An introduction to incident management
- The activities behind incident management
- The end-to-end incident response process
- Monitor
- Intake
- Escalate
- Investigate
- Contain and remediate
- Recover and report
- Recap of incident response management
- The incident response plan (IRP)
- The challenges of proactive cyber security
- Advanced security services in the SOC
- Advanced security services at Cymbal Federal
- The asset inventory
- Introduction to threat modeling
- Introduction to vulnerability management
- Introduction to security engineering
- Module review
- Knowledge check
- SOC tools for Google Distributed Cloud (GDC) air-gapped
- Module overview
- Tools in the SOC
- The MITRE ATT&CK framework
- GDC platform security
- Categories of tools for the GDC SOC
- Core tools in the GDC SOC: Splunk SIEM
- Core tools in the GDC SOC: Tenable Nessus
- Core tools in the GDC SOC: Portswigger Burp
- Core Tools in the GDC SOC: Trelix
- Core tools in the GDC SOC: Microsoft Defender Antivirus and ClamAV
- Core tools in the GDC SOC: Palo Alto
- Observability tools in the GDC SOC
- LogMon
- The GDC observability ecosystem
- Observability tools in the GDC SOC: Grafana
- The query creation process in Grafana
- Observability tools in the GDC SOC: Prometheus
- Observability tools in the GDC SOC: Cortex
- Observability tools in the GDC SOC: Fluent Bit
- Observability tools in the GDC SOC: Loki
- Management tools in the GDC SOC: ServiceNow
- ServiceNow at Cymbal Federal
- Management tools in the GDC SOC: GitLab
- Management tools in the GDC SOC: Anthos Config Management (ACM)
- Management tools in the GDC SOC: Fleet
- Management tools in the GDC SOC: Harbor
- Management tools in the GDC SOC: Red Hat Enterprise Linux (RHEL)
- Management tools in the GDC SOC: MariaDB
- Module summary
- Knowledge check
- Default logs, metrics, dashboards, and alerts in Splunk SIEM
- Module overview
- Log types in the GDC SOC
- Audit logs
- Audit logs at Cymbal Federal
- Security logs
- Operational logs
- Operational logs at Cymbal Federal
- Review: Logs in Splunk
- Metrics in Splunk
- Baseline metrics
- Security-specific metrics in Splunk
- Using Splunk metrics
- Splunk metrics at Cymbal Federal
- Splunk dashboards
- Alerts in Splunk
- Alerts at Cymbal Federal
- Alert rules
- The alert inventory
- Module review
- Knowledge check
- Resources
- Course Slides
- Additional Resources
- Your Next Steps
- Course Badge
