Implementing Cisco Cybersecurity Operations (SECOPS) Certification Training

Module 1: SOC Overview

Lesson 1: Defining the Security Operations Center

• Types of Security Operations Centers
• SOC Analyst Tools
• Data Analytics
• Hybrid Installations: Automated Reports, Anomaly Alerts
• Sufficient Staffing Necessary for an Effective Incident Response Team
• Roles in a Security Operations Center
• Develop Key Relationships with External Resources
• Challenge

Lesson 2: Understanding NSM Tools and Data

• Introduction
• NSM Tools
• NSM Data
• Security Onion
• Full Packet Capture
• Session Data
• Transaction Data
• Alert Data
• Other Data Types
• Correlating NSM Data
• Challenge

Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC

• Classic Kill Chain Model Overview
• Kill Chain Phase 1: Reconnaissance
• Kill Chain Phase 2: Weaponization
• Kill Chain Phase 3: Delivery
• Kill Chain Phase 4: Exploitation
• Kill Chain Phase 5: Installation
• Kill Chain Phase 6: Command-and-Control
• Kill Chain Phase 7: Actions on Objectives
• Applying the Kill Chain Model
• Diamond Model Overview
• Applying the Diamond Model
• Exploit Kits
• Challenge

Lesson 4: Identifying Resources for Hunting Cyber Threats

• Cyber-Threat Hunting Concepts
• Hunting Maturity Model
• Cyber-Threat Hunting Cycle
• Common Vulnerability Scoring System
• CVSS v3.0 Scoring
• CVSS v3.0 Example
• Hot Threat Dashboard
• Publicly Available Threat Awareness Resources
• Other External Threat Intelligence Sources and Feeds Reference
• Challenge

Module 2: Security Incident Investigations

Lesson 1: Understanding Event Correlation and Normalization

• Event Sources
• Evidence
• Security Data Normalization
• Event Correlation
• Other Security Data Manipulation
• Challenge

Lesson 2: Identifying Common Attack Vectors

• Obfuscated JavaScript
• Shellcode and Exploits
• Common Metasploit Payloads
• Directory Traversal
• SQL Injection Cross-Site Scripting
• Punycode
• DNS Tunneling
• Pivoting
• Challenge

Lesson 3: Identifying Malicious Activity

• Understanding the Network Design
• Identifying Possible Threat Actors
• Log Data Search
• NetFlow as a Security Tool
• DNS Risk and Mitigation Tool
• Challenge

Lesson 4: Identifying Patterns of Suspicious Behavior

• Network Baselining
• Identify Anomalies and Suspicious Behaviors
• PCAP Analysis
• Delivery
• Challenge

Lesson 5: Conducting Security Incident Investigations

• Security Incident Investigation Procedures
• Threat Investigation Example: China Chopper Remote Access Trojan
• Challenge

Module 3: SOC Operations

Lesson 1: Describing the SOC Playbook

• Security Analytics
• Playbook Definition
• What Is In a Play?
• Playbook Management System
• Challenge

Lesson 2: Understanding the SOC Metrics

• Security Data Aggregation
• Time to Detection
• Security Controls Detection Effectiveness
• SOC Metrics
• Challenge

Lesson 3: Understanding the SOC WMS and Automation

• SOC WMS Concepts
• Incident Response Workflow
• SOC WMS Integration
• SOC Workflow Automation Example
• Challenge

Lesson 4: Describing the Incident Response Plan

• Incident Response Planning
• Incident Response Life Cycle
• Incident Response Policy Elements
• Incident Attack Categories
• Reference: US-CERT Incident Categories
• Regulatory Compliance Incident Response Requirements
• Challenge