
Google

Sound the Alarm: Detection and Response

Google via Google Skills

Overview

Learn more about incident detection and response. Define a security incident, explain the incident response lifecycle, and analyze network communications to detect security incidents using packet sniffing tools. Explore investigation processes and practice using IDS and SIEM tools. Google cybersecurity employees will guide you through hands-on activities. This is the sixth course in the Google Cybersecurity Certificate, a series designed to prepare you for an entry-level cybersecurity role.

Syllabus

  • Introduction to detection and incident response
    • Introduction to Course 6
    • Course 6 overview
    • Dave: Grow your cybersecurity career with mentors
    • Welcome to module 1
    • Introduction to the incident response lifecycle
    • Graded Quiz: Portfolio Activity: Document an incident with an incident handler's journal
    • Portfolio Activity Exemplar: Document an incident with an incident handler's journal
    • Practice Quiz: Test your knowledge: The incident response lifecycle
    • Incident response teams
    • Fatima: The importance of communication during incident response
    • Roles in response
    • Incident response plans
    • Practice Quiz: Test your knowledge: Incident response operations
    • Incident response tools
    • The value of documentation
    • Intrusion detection systems
    • Overview of detection tools
    • Practice Quiz: Test your knowledge: Detection and documentation tools
    • Alert and event management with SIEM and SOAR tools
    • Overview of SIEM technology
    • Practice Quiz: Test your knowledge: Management tools
    • Wrap-up
    • Glossary terms from module 1
    • Graded Quiz: Module 1 challenge
  • Network monitoring and analysis
    • Welcome to module 2
    • Casey: Apply soft skills in cybersecurity
    • The importance of network traffic flows
    • Maintain awareness with network monitoring
    • Data exfiltration attacks
    • Practice Quiz: Test your knowledge: Understand network traffic
    • Packets and packet captures
    • Learn more about packet captures
    • Interpret network communications with packets
    • Reexamine the fields of a packet header
    • Investigate packet details
    • Resources for completing labs
    • Lab tips and troubleshooting steps
    • Activity: Analyze your first packet with Wireshark
    • Exemplar: Analyze your first packet with Wireshark
    • Exemplar: Analyze your first packet
    • Practice Quiz: Test your knowledge: Capture and view network traffic
    • Overview of tcpdump
    • Activity: Capture your first packet
    • Exemplar: Capture your first packet
    • Practice Quiz: Test your knowledge: Packet inspection
    • Practice Quiz: Activity: Research network protocol analyzers
    • Activity Exemplar: Research network protocol analyzers
    • Wrap-up
    • Glossary terms from module 2
    • Graded Quiz: Module 2 challenge
  • Incident investigation and response
    • Welcome to module 3
    • The detection and analysis phase of the lifecycle
    • Cybersecurity incident detection methods
    • Ongoing Monitoring of CI/CD
    • MK: Changes in the cybersecurity industry
    • Indicators of compromise
    • Analyze indicators of compromise with investigative tools
    • Practice Quiz: Activity: Investigate a suspicious file hash
    • Activity Exemplar: Investigate a suspicious file hash
    • Practice Quiz: Test your knowledge: Incident detection and verification
    • The benefits of documentation
    • Document evidence with chain of custody forms
    • Best practices for effective documentation
    • The value of cybersecurity playbooks
    • Practice Quiz: Activity: Use a playbook to respond to a phishing incident
    • Activity Exemplar: Use a playbook to respond to a phishing incident
    • The role of triage in incident response
    • Robin: Foster cross-team collaboration
    • The triage process
    • The containment, eradication, and recovery phase of the lifecycle
    • Business continuity considerations
    • Practice Quiz: Test your knowledge: Response and recovery
    • The post-incident activity phase of the lifecycle
    • Post-incident review
    • Practice Quiz: Activity: Review a final report
    • Practice Quiz: Test your knowledge: Post-incident actions
    • Wrap-up
    • Glossary terms from module 3
    • Graded Quiz: Module 3 challenge
  • Network traffic and logs using IDS and SIEM tools
    • Welcome to module 4
    • The importance of logs
    • Best practices for log collection and management
    • Practice Quiz: Test your knowledge: Overview of logs
    • Rebecca: Learn new tools and technologies
    • Variations of logs
    • Overview of log file formats
    • Practice Quiz: Test your knowledge: Log components and formats
    • Security monitoring with detection tools
    • Detection tools and techniques
    • Grace: Security mindset in detection and response
    • Components of a detection signature
    • Examine signatures with Suricata
    • Examine Suricata logs
    • Overview of Suricata
    • Activity: Examine alerts, logs, and rules with Suricata
    • Exemplar: Examine alerts, logs, and rules with Suricata
    • Exemplar: Explore signatures with Suricata
    • Practice Quiz: Test your knowledge: Overview of intrusion detection systems (IDS)
    • Reexamine SIEM tools
    • Log sources and log ingestion
    • Query for events with Splunk
    • Query for events with Google SecOps
    • Search methods with SIEM tools
    • Follow-along guide for Wazuh setup
    • Practice Quiz: Activity: Perform a query with Wazuh
    • Practice Quiz: Test your knowledge: Overview of SIEM tools
    • Wrap-up
    • Glossary terms from module 4
    • Graded Quiz: Module 4 challenge
    • Graded Quiz: Portfolio Activity: Finalize your incident handler's journal
    • Portfolio Activity Exemplar: Finalize your incident handler's journal
    • Course wrap-up
    • Course 6 glossary
    • Get started on the next course
    • Course 6 resources and citations
