CBRFIR

Please note: As of January 21, 2025, the CyberOps certifications were converted to Cisco Cybersecurity certifications by name and include new AI-related exam topics. The "Cisco Certified CyberOps Professional" certification now bears the title "Cisco Certified Cybersecurity Professional". Details

E-learning: Equivalent of 5 days of instruction

The course is a 5-day training consisting of a series of lectures and videos that will enhance your knowledge and skills in the areas of digital forensics and incident response (DFIR) and cybersecurity. The course will prepare you to recognize and respond to cybersecurity threats, vulnerabilities and incidents.

In addition, you will be introduced to digital forensics, including the collection and investigation of digital evidence on electronic devices, and learn how to respond to threats and attacks. Participants will also learn to proactively conduct audits to prevent future attacks.

The Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR) v1.0 course also prepares you for the 300-215 CBRFIR exam.

Course Contents

• Introducing Incident Response and Forensic Analysis
• Describing Digital Forensics and Incident Response (DFIR) Guidelines and Associations
• Examining Threats and Vulnerability Frameworks
• Describing the Analytical Mindset
• Preparing for Incident Response and Responding to Threats
• Identifying Sources of Evidence
• Gathering Intelligence
• Examining Digital Forensics and Incident Response Tools
• Describing Detection and Analysis
• Describing Investigation and Detection
• Describing Digital Forensics
• Describing Breach Containment and Eradication
• Describing Post-Incident Activities

Target Group

This course is designed for the following roles:

• SOC Analysts, Tiers 1-2
• Threat Researchers
• Malware Analysts
• Forensic Analysts
• Computer Telephony Integration (CTI) Analysts
• Incident Response Analysts
• Security Operations Center Engineers
• Security Engineers

Knowledge Prerequisites

Before participating in this course, you should fulfill the following requirements:

• Familiarity with network and endpoint security concepts and monitoring
• Experience with network intrusion analysis
• An understanding of security policies and procedures
• Experience with risk management
• Experience with analyzing data traffic and logs
• Familiarity with APIs
• 2-3 years of experience in a Security Operations Center (SOC) environment (Tier 1 experience, or new Tier 2)

These recommended Cisco learning opportunities can help students fulfill these requirements:

• Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
• Performing CyberOps Using Cisco Security Technologies (CBRCOR)
• Splunk Fundamentals 1

Complementary and Continuative Courses

CBRCOR – Performing CyberOps Using Cisco Security Technologies
CBRTHD – Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps

You are interested in a certification? The course at hand is part of the following certification(s):

Certification as Cisco Certified CyberOps Professional

Cisco Digital Learning

This course is available in the Cisco Digital Learning Library. These recently developed, multi-modal training events include HD videos moderated by lecturers with stored searchable text and subtitles, as well as a exercises, labs, and explanatory text and graphics. We provide this offer to you via our myExperTeach learning portal. Effective of the activation of the account, access to the courses will be granted for a duration of 6 months. In the case of packet solutions (Cisco Digital Learning Subscriptions), this time period will amount to 12 months.