-
The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors. This training prepares you for the CBRTHD exam.
-
Course Contents
-
- Threat Hunting Theory
- Threat Hunting Concepts, Frameworks, and Threat Models
- Threat Hunting Process Fundamentals
- Threat Hunting Methodologies and Procedures
- Network-Based Threat Hunting
- Endpoint-Based Threat Hunting
- Endpoint-Based Threat Detection Development
- Threat Hunting with Cisco Tools
- Threat Hunting Investigation Summary: A Practical Approach
- Reporting the Aftermath of a Threat Hunt Investigation
You will receive the original course documentation from Cisco in English language as a Cisco E-Book. In the Cisco Digital Learning Version, the content of the courseware is integrated into the learning interface instead.
-
Target Group
-
This training is designed for the following roles:
- Security Operations Center staff
- Security Operations Center (SOC) Tier 2 Analysts
- Threat Hunters
- Cyber Threat Analysts
- Threat Managers
- Risk Managements
-
Knowledge Prerequisites
-
The knowledge and skills you are expected to have before attending this training are:
- General knowledge of networks
- Cisco CCNP Security certification
These skills can be found in the following Cisco Learning Offerings:
- Implementing and Administering Cisco Solutions (CCNA)
- Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Performing CyberOps Using Cisco Security Technologies (CBRCOR)
- Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
-
Complementary and Continuative Courses
-
CBRCOR – Performing CyberOps Using Cisco Security Technologies
CBRFIR – Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps -
Course Objective
-
This training prepares you for the CBRTHD exam. If passed, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified CyberOps Professional certification. This training also earns you 40 credits towards recertification.
After taking this training, you should be able to:
- Define threat hunting and identify core concepts used to conduct threat hunting investigations
- Examine threat hunting investigation concepts, frameworks, and threat models
- Define cyber threat hunting process fundamentals
- Define threat hunting methodologies and procedures
- Describe network-based threat hunting
- Identify and review endpoint-based threat hunting
- Identify and review endpoint memory-based threats and develop endpoint-based threat detection
- Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
- Describe the process of threat hunting from a practical perspective
- Describe the process of threat hunt reporting
| Course outline |
| Threat Hunting Theory |
| Threat Hunting Concepts, Frameworks, and Threat Models |
| Threat Hunting Process Fundamentals |
| Threat Hunting Methodologies and Procedures |
| Network-Based Threat Hunting |
| Endpoint-Based Threat Hunting |
| Endpoint-Based Threat Detection Development |
| Threat Hunting with Cisco Tools |
| Threat Hunting Investigation Summary: A Practical Approach |
| Reporting the Aftermath of a Threat Hunt Investigation |
| Lab outline |
| Categorize Threats with MITRE ATTACK Tactics and Techniques |
| Compare Techniques Used by Different APTs with MITRE ATTACK Navigator |
| Model Threats Using MITRE ATTACK and D3FEND |
| Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain |
| Determine the Priority Level of Attacks Using MITRE CAPEC |
| Explore the TaHiTI Methodology |
| Perform Threat Analysis Searches Using OSINT |
| Attribute Threats to Adversary Groups and Software with MITRE ATTACK |
| Emulate Adversaries with MITRE Caldera |
| Find Evidence of Compromise Using Native Windows Tools |
| Hunt for Suspicious Activities Using Open-Source Tools and SIEM |
| Capturing of Network Traffic |
| Extraction of IOC from Network Packets |
| Usage of ELK Stack for Hunting Large Volumes of Network Data |
| Analyzing Windows Event Logs and Mapping Them with MITRE Matrix |
| Endpoint Data Acquisition |
| Inspect Endpoints with PowerShell |
| Perform Memory Forensics with Velociraptor |
| Detect Malicious Processes on Endpoints |
| Identify Suspicious Files Using Threat Analysis |
| Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk |
| Conduct Threat Hunt Using Cisco XDR Control Center and Investigate |
| Initiate, Conduct, and Conclude a Threat Hunt |
You are interested in a certification? The course at hand is part of the following certification(s):
Certification as Cisco Certified CyberOps Professional
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Cisco Digital Learning
- This course is available in the Cisco Digital Learning Library. These recently developed, multi-modal training events include HD videos moderated by lecturers with stored searchable text and subtitles, as well as a exercises, labs, and explanatory text and graphics. We provide this offer to you via our myExperTeach learning portal. Effective of the activation of the account, access to the courses will be granted for a duration of 6 months. In the case of packet solutions (Cisco Digital Learning Subscriptions), this time period will amount to 12 months.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.-
The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors. This training prepares you for the CBRTHD exam.
-
Course Contents
-
- Threat Hunting Theory
- Threat Hunting Concepts, Frameworks, and Threat Models
- Threat Hunting Process Fundamentals
- Threat Hunting Methodologies and Procedures
- Network-Based Threat Hunting
- Endpoint-Based Threat Hunting
- Endpoint-Based Threat Detection Development
- Threat Hunting with Cisco Tools
- Threat Hunting Investigation Summary: A Practical Approach
- Reporting the Aftermath of a Threat Hunt Investigation
You will receive the original course documentation from Cisco in English language as a Cisco E-Book. In the Cisco Digital Learning Version, the content of the courseware is integrated into the learning interface instead.
-
Target Group
-
This training is designed for the following roles:
- Security Operations Center staff
- Security Operations Center (SOC) Tier 2 Analysts
- Threat Hunters
- Cyber Threat Analysts
- Threat Managers
- Risk Managements
-
Knowledge Prerequisites
-
The knowledge and skills you are expected to have before attending this training are:
- General knowledge of networks
- Cisco CCNP Security certification
These skills can be found in the following Cisco Learning Offerings:
- Implementing and Administering Cisco Solutions (CCNA)
- Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
- Performing CyberOps Using Cisco Security Technologies (CBRCOR)
- Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
-
Complementary and Continuative Courses
-
CBRCOR – Performing CyberOps Using Cisco Security Technologies
CBRFIR – Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps -
Course Objective
-
This training prepares you for the CBRTHD exam. If passed, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified CyberOps Professional certification. This training also earns you 40 credits towards recertification.
After taking this training, you should be able to:
- Define threat hunting and identify core concepts used to conduct threat hunting investigations
- Examine threat hunting investigation concepts, frameworks, and threat models
- Define cyber threat hunting process fundamentals
- Define threat hunting methodologies and procedures
- Describe network-based threat hunting
- Identify and review endpoint-based threat hunting
- Identify and review endpoint memory-based threats and develop endpoint-based threat detection
- Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
- Describe the process of threat hunting from a practical perspective
- Describe the process of threat hunt reporting
| Course outline |
| Threat Hunting Theory |
| Threat Hunting Concepts, Frameworks, and Threat Models |
| Threat Hunting Process Fundamentals |
| Threat Hunting Methodologies and Procedures |
| Network-Based Threat Hunting |
| Endpoint-Based Threat Hunting |
| Endpoint-Based Threat Detection Development |
| Threat Hunting with Cisco Tools |
| Threat Hunting Investigation Summary: A Practical Approach |
| Reporting the Aftermath of a Threat Hunt Investigation |
| Lab outline |
| Categorize Threats with MITRE ATTACK Tactics and Techniques |
| Compare Techniques Used by Different APTs with MITRE ATTACK Navigator |
| Model Threats Using MITRE ATTACK and D3FEND |
| Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain |
| Determine the Priority Level of Attacks Using MITRE CAPEC |
| Explore the TaHiTI Methodology |
| Perform Threat Analysis Searches Using OSINT |
| Attribute Threats to Adversary Groups and Software with MITRE ATTACK |
| Emulate Adversaries with MITRE Caldera |
| Find Evidence of Compromise Using Native Windows Tools |
| Hunt for Suspicious Activities Using Open-Source Tools and SIEM |
| Capturing of Network Traffic |
| Extraction of IOC from Network Packets |
| Usage of ELK Stack for Hunting Large Volumes of Network Data |
| Analyzing Windows Event Logs and Mapping Them with MITRE Matrix |
| Endpoint Data Acquisition |
| Inspect Endpoints with PowerShell |
| Perform Memory Forensics with Velociraptor |
| Detect Malicious Processes on Endpoints |
| Identify Suspicious Files Using Threat Analysis |
| Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk |
| Conduct Threat Hunt Using Cisco XDR Control Center and Investigate |
| Initiate, Conduct, and Conclude a Threat Hunt |
You are interested in a certification? The course at hand is part of the following certification(s):
Certification as Cisco Certified CyberOps Professional
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Cisco Digital Learning
- This course is available in the Cisco Digital Learning Library. These recently developed, multi-modal training events include HD videos moderated by lecturers with stored searchable text and subtitles, as well as a exercises, labs, and explanatory text and graphics. We provide this offer to you via our myExperTeach learning portal. Effective of the activation of the account, access to the courses will be granted for a duration of 6 months. In the case of packet solutions (Cisco Digital Learning Subscriptions), this time period will amount to 12 months.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.
You can find the complete description of this course with dates and prices ready for download at as PDF.