Skyline Advanced Technology Services

Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD)

Cisco
5 Days
$4,395.00
44 Learning Credits

Description

The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors. 

This training prepares you for the 300-220 CBRTHD v1.0 exam. After you pass the exam, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified CyberOps Professional certification. This training also earns you 40 credits towards recertification.

This training will help you: 

  • Learn how to perform a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools 
  • Gain leading-edge career skills focused on cybersecurity 
  • Prepare for the 300-220 CBRTHD v1.0 exam 
  • Earn 40 CE credits toward recertification 

Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (300-220 CBRTHD v1.0) is a 90-minute exam associated with the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfies the concentration exam requirement for the Cisco Certified CyberOps Professional certification. 

The exam tests your knowledge of conducting threat hunting and defending, including: 

  • Threat modeling techniques 
  • Threat actor attribution techniques 
  • Threat hunting techniques, processes, and outcomes 

Objectives

  • Define threat hunting and identify core concepts used to conduct threat hunting investigations 
  • Examine threat hunting investigation concepts, frameworks, and threat models 
  • Define cyber threat hunting process fundamentals 
  • Define threat hunting methodologies and procedures 
  • Describe network-based threat hunting 
  • Identify and review endpoint-based threat hunting 
  • Identify and review endpoint memory-based threats and develop endpoint-based threat detection 
  • Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting 
  • Describe the process of threat hunting from a practical perspective 
  • Describe the process of threat hunt reporting 

Prerequisites

The knowledge and skills you are expected to have before attending this training are: 

  • General knowledge of networks 
  • Cisco CCNP Security certification 

These skills can be found in the following Cisco Learning Offerings:   

  • Implementing and Administering Cisco Solutions (CCNA) 
  • Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) 
  • Performing CyberOps Using Cisco Security Technologies (CBRCOR) 
  • Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)

Who Should Attend

  • Security Operations Center staff 
  • Security Operations Center (SOC) Tier 2 Analysts 
  • Threat Hunters 
  • Cyber Threat Analysts 
  • Threat Managers 
  • Risk Managers

Outline

Course Outline

  1. Threat Hunting Theory 
  2. Threat Hunting Concepts, Frameworks, and Threat Models 
  3. Threat Hunting Process Fundamentals  
  4. Threat Hunting Methodologies and Procedures 
  5. Network-Based Threat Hunting 
  6. Endpoint-Based Threat Hunting 
  7. Endpoint-Based Threat Detection Development 
  8. Threat Hunting with Cisco Tools 
  9. Threat Hunting Investigation Summary: A Practical Approach 
  10. Reporting the Aftermath of a Threat Hunt Investigation 

Lab Outline

  1. Categorize Threats with MITRE ATT&CK Tactics and Techniques
  2. Compare Techniques Used by Different APTs with MITRE ATT&CK Navigator
  3. Model Threats Using MITRE ATT&CK and D3FEND
  4. Prioritize Threat Hunting Using the MITRE ATT&CK Framework and Cyber Kill Chain
  5. Determine the Priority Level of Attacks Using MITRE CAPEC 
  6. Explore the TaHiTI Methodology 
  7. Perform Threat Analysis Searches Using OSINT 
  8. Attribute Threats to Adversary Groups and Software with MITRE ATT&CK
  9. Emulate Adversaries with MITRE Caldera 
  10. Find Evidence of Compromise Using Native Windows Tools 
  11. Hunt for Suspicious Activities Using Open-Source Tools and SIEM 
  12. Capturing of Network Traffic 
  13. Extraction of IOC from Network Packets 
  14. Usage of ELK Stack for Hunting Large Volumes of Network Data  
  15. Analyzing Windows Event Logs and Mapping Them with MITRE Matrix 
  16. Endpoint Data Acquisition 
  17. Inspect Endpoints with PowerShell  
  18. Perform Memory Forensics with Velociraptor 
  19. Detect Malicious Processes on Endpoints 
  20. Identify Suspicious Files Using Threat Analysis 
  21. Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk 
  22. Conduct Threat Hunt Using Cisco XDR Control Center and Investigate 
  23. Initiate, Conduct, and Conclude a Threat Hunt 
