SANS SEC450 – Blue Team Fundamentals Security Operations and Analysis

دوره SANS SEC450 – Blue Team Fundamentals Security Operations and Analysisدانش فنی و مفاهیم کلیدی مورد نیاز تحلیل‌گران مرکز عملیات امنیت (SOC) و اعضای تازه‌وارد تیم دفاع سایبری را به دانشجویان می‌آموزد. این دوره با ارائه‌ی توضیحات و آموزش‌های مفصل و جامعی درباره ماموریت و طرز فکر تیم‌های مدرن عملیات دفاع سایبری، به افرادی که در مسیر تبدیل‌شدن به نسل آینده‌ی اعضای تیم آبی هستند کمک می‌کند شروعی قدرتمند داشته باشند و مهارت‌های خود را برای این مسیر تقویت کنند. دوره SANS SEC450 از موسسه SANS یک دوره سریع و فشرده برای اعضای جدید تیم‌های امنیت سایبری و مدیران SOC است که به دنبال شروعی قدرتمند برای مسیر شغلی یا تربیت نیروهای مورد نیاز در داخل مجموعه خود هستند. این دوره ابزارهای رایج در محیط کاری یک کارشناس دفاع سایبری را به شما آموخته و تمام توضیحات لازم درباره‌ی ابزارها، فرایندها و جریان داده‌ای را که هر عضو تیم آبی باید به آن‌ها مسلط باشد، در خود گنجانده است.

لینک دانلود دوره آموزشی SANS SEC450 – Blue Team Fundamentals Security Operations and Analysis 2022


دانلود – SANS SEC450 2022 eBooks حجم : 49 مگابایت

SANS SEC450 2020 Video + eBooks

حجم : 3.44 گیگابایت

دانلود – بخش اول
دانلود – بخش دوم
دانلود – بخش سوم
دانلود – بخش چهارم

رمز فايل:

Date: 2022
Price: $8,275 USD
Publisher: Sans
File: Video+ PDF
By: John Hubbard
What You Will Learn

Is your organization looking for a quick and effective way to onboard new Security Analysts, Engineers, and Architects? Do your Security Operations Center (SOC) managers need additional technical perspective on how to improve analysis quality, reduce

turnover, and run an efficient SOC?

SEC450 is an accelerated on-ramp for new cyber defense team members and SOC managers. This course introduces students to the tools common to a defender’s work environment, and packs in all the essential explanations of tools, processes, and data flow that every blue team member needs to know.

Students will learn the stages of security operations: how data is collected, where it is collected, and how threats are identified within that data. The class dives deep into tactics for triage and investigation of events that are identified as malicious, as well as how to avoid common mistakes and perform continual high-quality analysis. Students will learn the inner workings of the most popular protocols, and how to identify weaponized files as well as attacks within the hosts and data on their network.

The course employs practical, hands-on instruction using a simulated SOC environment with a real, fully-integrated toolset that includes:

  • Security Information and Event Management (SIEM)
  • An incident tracking and management system
  • A threat intelligence platform
  • Packet capture and analysis
  • Automation tools

While cyber defense can be a challenging and engaging career, many SOCs are negatively affected by turnover. To preemptively tackle this problem, this course also presents research-backed information on preventing burnout and how to keep engagement high through continuous growth, automation, and false positive reduction. Students will finish the course with a full-scope view of how collection and detection work, how SOC tools are used and fit together, and how to keep their SOC up and running over the long term.

Hands-On Training

It is our belief that hands-on training is a crucial component of classroom learning, so each day of this course will include multiple hands-on exercises. To achieve the most realistic scenario possible, the class virtual machine is loaded with all the tools typically used in a SOC. Students will be introduced to the concepts, interconnections, and workflow associated with each of those tools. Throughout the class we will utilize a SIEM, threat intelligence platform, incident management and ticketing system, automation and orchestration tools, full packet capture, and analysis software, as well as multiple command line, open-source intelligence, and analysis tools. All of these tools have been set up and integrated to work with each other in order to re-create the workplace environment as closely as possible, allowing students to gain experience that they can directly translate to their own setup when they get back to the office.

Some of the highlights of what students will learn include:

  • How SIEM, threat intelligence platforms, incident management systems, and automation should connect and work together to provide a painless workflow for analysts
  • Analysis of common alert types including HTTP(S), DNS, and email-based attacks
  • Identification of post-exploitation attacker activity
  • Mental models for understanding alerts and attack patterns that can help to effectively prioritize alerts
  • How to perform high-quality, bias-free alert analysis and investigation
  • How to identify the most high-risk alerts, and quick ways to verify them
  • How logs are collected throughout the environment and the importance of parsing, enrichment, and correlation capability of the SIEM
  • How to create and tune threat detection analytics to eliminate false positives

A basic understanding of TCP/IP and general operating system fundamentals is needed for this course. Being accustomed to the Linux command-line, network security monitoring, and SIEM solutions is a bonus. Some basic entry-level security concepts are assumed.

دیدگاه 1
  1. امیر says

    با سلام
    این دوره فولدر usb شامل virtual machine که در دوره استفاده میشه هم داره، امکانش هست اضافه بفرمایید؟


آدرس ایمیل شما منتشر نخواهد شد.