Understanding Risk Management and SOC Operations

• Governance, Risk, and Compliance
• Security Regulatory Requirements
• Security Policy
• Protected Information
• Risk Analysis and Insurance
• SOC Services, Operations, and Automation
• SOC Service Models

Understanding Analytical Processes and Playbooks

• Security Analytics
• SOC Playbook
• SOC Automation and Workflow
• Incident Response Concepts, Metrics, and Workflow
• Documenting Security Incidents in Cases
• Security Orchestration, Automation, and Response
• Cisco SecureX Orchestration Workflows
• Explore Cisco SecureX Orchestration
• Splunk Enterprise and Phantom Overview
• Explore Splunk Phantom Playbooks

Investigating Packet Captures, Logs, and Traffic Analysis

• Identity Access Management Logs
• Artifacts and Traffic Streams in a Packet Capture
• Examine Cisco Firepower Packet Captures and PCAP Analysis
• Nextgen Firewall and IPS Logs
• Dissecting Suspicious Requests
• Network Traffic Analysis Using NetFlow Analytics
• Detecting and Enforcing DLP On-the-Wire
• Cisco AMP Architecture
• Cisco Web Security Appliance
• Network DNS Logs
• Cisco Email Security Appliance
• Email Security Logs (Not Detection-Based)
• Cisco Umbrella Reports
• Validate an Attack and Determine the Incident Response

Investigating Endpoint and Appliance Logs

• Cisco ISE Monitoring, Reporting, and Alerting
• Cisco Advanced Malware Protection
• Cisco Threat Grid
• Submit a Malicious File to Cisco Threat Grid for Analysis
• Endpoint Logs from Non-Detection Sources
• Server DNS Logs
• Internet of Things
• Web Security Logs
• Endpoint Data Loss Protection
• Endpoint-Based Attack Scenario Referencing MITRE ATTACK®

Understanding Cloud Service Model Security Responsibilities

• Evolution of Cloud Computing
• Cloud Service Models
• Security Responsibilities in the IaaS Service Model
• Security Responsibilities in the PaaS Service Model
• Security Responsibilities in the SaaS Service Model
• Cloud Deployment Models
• Key Security Controls in SaaS
• Cloud Access Security Broker
• Cisco Cloudlock
• Cloud Security Regulations and References

Understanding Enterprise Environment Assets

• Asset Management
• Remediating Vulnerabilities and the SOC
• Assessing Vulnerabilities
• Patch Management
• Data Storage and Protecting Data Privacy
• Multi-Factor Authentication
• Zero Trust Model
• Evaluate Assets in a Typical Enterprise Environment

lmplementing Threat Tuning

• Security Tuning Governance Policy
• Tuning Security Controls Rules, Filters, and Policies
• Determining If a Rule Is Defective
• Anatomy of a Snort Rule
• Explore Cisco Firepower NGFW Access Control Policy and Snort Rules
• Troubleshooting Detection Rules
• Recommending Scenarios for Tuning

Threat Research and Threat lntelligence Practices

• Cyber Threat Intelligence Overview
• Cyber Threat Intelligence Lifecycle
• Cyber Threat Intelligence Data Sources
• Indicators of Compromise and Indicators of Attack
• Security Intelligence Reports
• Investigate IOCs from Cisco Talos Blog Using Cisco SecureX
• Cyber Attribution
• Cyber Threat Intelligence Tools
• Security Intelligence in a TIP Platform
• Using Indicator Analysis to Reveal Hidden Infections
• Explore the ThreatConnect Threat Intelligence Platform
• Track the TTPs of a Successful Attack Using a TIP

Understanding APls

• API Overview
• CSV, HTML, and XML Data Encoding
• JSON Data Encoding
• YAML Data Serialization Standard
• HTTP-Based APIs
• RESTful APIs vs. Non-RESTful APIs
• Cisco pxGrid
• HTTP-Based Authentication
• Postman
• Query Cisco Umbrella Using Postman API Client
• RESTCONF
• NETCONF
• Google RPC
• Data Modeling with YANG
• STIX and TAXII Specifications
• Role of APIs in Cisco Security Solutions
• Python Fundamentals
• Python Virtual Environments
• Fix a Python API Script

Understanding SOC Development and Deployment Models

• Agile Methodology
• DevOps Practices and Principles
• Components of a CI/CD Pipeline
• Essential Windows and Linux CLI for Development and Operations
• Infrastructure as Code
• SOC Platform Development, Engineering, Operation, and Maintenance
• Create Basic Bash Scripts

Performing Security Analytics and Reports in a SOC

• Security Data and Log Analytic Techniques
• Security Data Management Users
• Security Data with Log Management and Retention
• Security Data and Log Aggregations
• Security Information and Event Management
• Security Data and Log Analytics Automation
• Dashboards and Reports

Malware Forensics Basics

• Malware Detection Tools
• Static Malware Analysis from Detection Tools
• Dynamic Malware Analysis from Sandbox Logs
• File Fingerprinting for Attribution
• Evading Detection
• File Forensics
• Reverse Engineer Malware

Threat Hunting Basics

• Proactive Threat Hunting Concepts
• Using MITRE ATTACK® Framework for Threat Hunting
• Using CAPEC to Hunt for Weaknesses in Applications
• Evaluating Security Posture and Gaps in Controls Using MITRE ATTACK®
• Threat Hunting Case Study
• Perform Threat Hunting

Performing Incident Investigation and Response

• Threat Modeling
• Indicators of Compromise and Indicators of Attack
• Attack Campaigns, Tactics, Techniques, and Procedures
• Sequence of Events During an Attack Based on Analysis of Traffic Patterns
• Steps to Investigate the Common Types of Cases
• IRT Concepts and Actions
• Tool-Based Mitigation and Gaps
• Steps to Investigate Potential Data Loss
• Conduct an Incident Response
• Lessons Learned

• Explore Cisco SecureX Orchestration
• Explore Splunk Phantom Playbooks
• Examine Cisco Firepower Packet Captures and PCAP Analysis
• Validate an Attack and Determine the Incident Response
• Submit a Malicious File to Cisco Threat Grid for Analysis
• Endpoint-Based Attack Scenario Referencing MITRE ATTACK®
• Evaluate Assets in a Typical Enterprise Environment
• Explore Cisco Firepower NGFW Access Control Policy and Snort Rules
• Investigate IOCs from Cisco Talos Blog Using Cisco SecureX
• Explore the ThreatConnect Threat Intelligence Platform
• Track the TTPs of a Successful Attack Using a TIP
• Query Cisco Umbrella Using Postman API Client
• Fix a Python API Script
• Create Basic Bash Scripts
• Reverse Engineer Malware
• Perform Threat Hunting