https://github.com/sondosaabed/detection-and-response

In this course, I understand the incident response lifecycle and practice using tools to detect and respond to cybersecurity incidents.
https://github.com/sondosaabed/detection-and-response

cybersecurity detection response

Last synced: 6 months ago
JSON representation

In this course, I understand the incident response lifecycle and practice using tools to detect and respond to cybersecurity incidents.

• Host: GitHub
• URL: https://github.com/sondosaabed/detection-and-response
• Owner: sondosaabed
• License: mit
• Created: 2024-08-18T15:35:12.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2024-08-23T10:33:15.000Z (about 1 year ago)
• Last Synced: 2025-03-23T23:36:09.560Z (7 months ago)
• Topics: cybersecurity, detection, response
• Language: Jupyter Notebook
• Homepage:
• Size: 476 KB
• Stars: 5
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Sound the Alarm: Detection and Response

In this course, you will focus on incident detection and response. You'll define a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. You'll analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, you'll explore the incident investigation and response processes and procedures. Additionally, you'll practice using Intrusion Detection Systems (IDS) and Security Information Event Management (SIEM) tools.

![image](https://github.com/user-attachments/assets/caddc129-88d4-449a-9f03-33d6287bccbe)

## Skills set 

- Explain the lifecycle of an incident.

- Describe the tools used in documentation, detection, and management of incidents.

- Analyze packets to interpret network communications.

- Perform artifact investigations to analyze and verify security incidents.

- Identify the steps to contain, eradicate, and recover from an incident.

- Determine how to read and analyze logs during incident investigation.

- Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools.

## Syllabus

### Module 1: Introduction to detection and incident response

Detection and incident response are an important part of a cybersecurity analyst’s work. You'll explore how cybersecurity professionals verify and respond to malicious threats and become familiar with the steps involved in incident response.

### Module 2: Network monitoring and analysis

You will explore network analysis tools, commonly referred to as packet sniffers. In particular, you'll sniff the network and analyze packets for malicious threats. You'll also craft filtering commands to analyze the contents of captured packets.

### Module 3: Incident investigation and response

You will learn about the various processes and procedures in the stages of incident detection, investigation, analysis, and response. Then, you'll analyze the details of suspicious file hashes. You'll learn about the importance of documentation and evidence collection during the detection and response stages. Finally, you'll approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.

### Module 4: Network traffic and logs using IDS and SIEM tools

You will explore logs and their role in Intrusion Detection Systems (IDS) and Security Information Event Management (SIEM) systems. You'll learn how these systems detect attacks. You’ll also be introduced to some IDS and SIEM products. In addition, you’ll write basic IDS rules to provide alerts for malicious network traffic.

## Course Certificate 

![image](https://github.com/user-attachments/assets/28368cbb-a2ab-40c1-8ef6-977813e81e29)