When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Certificate?

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Sound the Alarm: Detection and Response

This course is part of Google Cybersecurity Professional Certificate

Instructor: Google Career Certificates

324,297 already enrolled

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

3,373 reviews

Beginner level

No prior experience required

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

98%

Most learners liked this course

4 modules

Gain insight into a topic and learn the fundamentals.

3,373 reviews

Beginner level

No prior experience required

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

98%

Most learners liked this course

What you'll learn

Identify the steps to contain, eradicate, and recover from an incident
Analyze packets to interpret network communications
Understand basic syntax, components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools
Perform queries in Security Information and Event Management (SIEM) tools to investigate an event

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

25 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your Computer Security and Networks expertise

This course is part of the Google Cybersecurity Professional Certificate

When you enroll in this course, you'll also be enrolled in this Professional Certificate.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate from Google

There are 4 modules in this course

This is the sixth course in the Google Cybersecurity Certificate. Learners will focus on incident detection and response. They will learn what defines a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. Learners will analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, learners will explore the incident investigation and response processes and procedures. Additionally, they will develop a conceptual overview of log data and their role in intrusion detection systems (IDS) and Security Information Event Management (SIEM) tools. Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.

By the end of this course, you will: - Explain the lifecycle of an incident. - Describe the tools used in documentation, detection, and management of incidents. - Analyze packets to interpret network communications. - Perform artifact investigations to analyze and verify security incidents. - Identify the steps to contain, eradicate, and recover from an incident. - Determine how to read and analyze logs during incident investigation. - Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools. - Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.

Module details

This module provides an overview of detection and incident response. Learners will explore how security professionals verify and respond to malicious threats. Learners will also become familiar with the steps involved in incident response. This overview will be the foundation for the next module.

What's included

12 videos7 readings6 assignments1 plugin

12 videosTotal 30 minutes

Introduction to Course 6 2 minutes
Dave: Grow your cybersecurity career with mentors3 minutes
Welcome to module 1 2 minutes
Introduction to the incident response lifecycle 4 minutes
Incident response teams 3 minutes
Fatima: The importance of communication during incident response3 minutes
Incident response plans2 minutes
Incident response tools 2 minutes
The value of documentation 3 minutes
Intrusion detection systems 2 minutes
Alert and event management with SIEM and SOAR tools4 minutes
Wrap-up 1 minute

7 readingsTotal 44 minutes

Course 6 overview4 minutes
Helpful resources and tips4 minutes
Portfolio Activity Exemplar: Document an incident with an incident handler's journal4 minutes
Roles in response 8 minutes
Overview of detection tools 8 minutes
Overview of SIEM technology 12 minutes
Glossary terms from module 14 minutes

6 assignmentsTotal 114 minutes

Test your knowledge: The incident response lifecycle8 minutes
Test your knowledge: Incident response operations8 minutes
Test your knowledge: Detection and documentation tools 8 minutes
Test your knowledge: Management tools20 minutes
Portfolio Activity: Document an incident with an incident handler's journal20 minutes
Module 1 challenge50 minutes

1 pluginTotal 10 minutes

Explore: Apply the NIST lifecycle to a vishing scenario10 minutes

In this module, learners will be provided with an overview of network analysis tools more commonly referred to as “packet sniffers”. In particular, learners will sniff the network and analyze packets for malicious threats. Learners will also craft common filtering commands in both tcpdump and Wireshark to analyze the contents of packet capture.

What's included

9 videos10 readings5 assignments4 app items

9 videosTotal 23 minutes

Welcome to module 21 minute
Casey: Apply soft skills in cybersecurity2 minutes
The importance of network traffic flows3 minutes
Data exfiltration attacks4 minutes
Packets and packet captures3 minutes
Interpret network communications with packets2 minutes
Reexamine the fields of a packet header4 minutes
Packet captures with tcpdump4 minutes
Wrap-up1 minute

10 readingsTotal 64 minutes

Maintain awareness with network monitoring 8 minutes
Learn more about packet captures 8 minutes
Investigate packet details8 minutes
Resources for completing labs4 minutes
Lab tips and troubleshooting steps4 minutes
Exemplar: Analyze your first packet8 minutes
Overview of tcpdump 8 minutes
Exemplar: Capture your first packet8 minutes
Activity Exemplar: Research network protocol analyzers4 minutes
Glossary terms from module 24 minutes

5 assignmentsTotal 104 minutes

Test your knowledge: Understand network traffic8 minutes
Test your knowledge: Capture and view network traffic8 minutes
Test your knowledge: Packet inspection8 minutes
Activity: Research network protocol analyzers30 minutes
Module 2 challenge50 minutes

4 app itemsTotal 80 minutes

Activity: Analyze your first packet30 minutes
Optional Exemplar: Analyze your first packet10 minutes
Activity: Capture your first packet30 minutes
Optional Exemplar: Capture your first packet10 minutes

In this module, Learners will explore the various processes and procedures in the stages of incident detection, investigation, analysis, and response as framed by NIST. They will utilize VirusTotal as an investigative tool to analyze the details of suspicious file hashes. Learners will recognize the importance of documentation and evidence collection during the detection and response stages. Finally, learners will approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.

What's included

11 videos11 readings7 assignments2 plugins

11 videosTotal 27 minutes

Welcome to module 3 1 minute
The detection and analysis phase of the lifecycle 2 minutes
MK: Changes in the cybersecurity industry3 minutes
The benefits of documentation 2 minutes
Document evidence with chain of custody forms 4 minutes
The value of cybersecurity playbooks 3 minutes
The role of triage in incident response 3 minutes
Robin: Foster cross-team collaboration3 minutes
The containment, eradication, and recovery phase of the lifecycle2 minutes
The post-incident activity phase of the lifecycle 2 minutes
Wrap-up 1 minute

11 readingsTotal 78 minutes

Cybersecurity incident detection methods8 minutes
Ongoing Monitoring of CI/CD10 minutes
Indicators of compromise8 minutes
Analyze indicators of compromise with investigative tools8 minutes
Activity Exemplar: Investigate a suspicious file hash4 minutes
Best practices for effective documentation 8 minutes
Activity Exemplar: Use a playbook to respond to a phishing incident4 minutes
The triage process 8 minutes
Business continuity considerations8 minutes
Post-incident review 8 minutes
Glossary terms from module 34 minutes

7 assignmentsTotal 144 minutes

Activity: Investigate a suspicious file hash20 minutes
Test your knowledge: Incident detection and verification8 minutes
Activity: Use a playbook to respond to a phishing incident30 minutes
Test your knowledge: Response and recovery8 minutes
Activity: Review a final report20 minutes
Test your knowledge: Post-incident actions 8 minutes
Module 3 challenge50 minutes

2 pluginsTotal 20 minutes

Identify: Indicators of compromise10 minutes
Identify: Explore an incident event timeline10 minutes

In this module, learners will be provided with a conceptual overview of logs and their role in intrusion detection systems (IDSs) and Security Information and Event Management tools (SIEMs). The module will discuss the general concept of an IDS and how it works to detect attacks before highlighting specific IDS and SIEM products, such as Suricata, Splunk, Google SecOps (Chronicle), and Wazuh, respectively. Learners will then develop an understanding of how to access and navigate within Suricata and how basic rules are set up to provide alerts, events, and logs for malicious network traffic. This module will conclude with an introduction to Splunk, Google SecOps (Chronicle), and Wazuh, and will showcase some of their features, including common commands for search queries.

What's included

14 videos13 readings7 assignments2 app items1 plugin

14 videosTotal 41 minutes

Welcome to module 4 1 minute
The importance of logs 4 minutes
Rebecca: Learn new tools and technologies2 minutes
Variations of logs 4 minutes
Security monitoring with detection tools 4 minutes
Grace: Security mindset in detection and response3 minutes
Components of a detection signature 4 minutes
Examine signatures with Suricata4 minutes
Examine Suricata logs2 minutes
Reexamine SIEM tools2 minutes
Query for events with Splunk4 minutes
Query for events with Google SecOps4 minutes
Wrap-up 1 minute
Course wrap-up 2 minutes

13 readingsTotal 82 minutes

Best practices for log collection and management8 minutes
Overview of log file formats8 minutes
Detection tools and techniques8 minutes
Overview of Suricata8 minutes
Exemplar: Explore signatures with Suricata8 minutes
Log sources and log ingestion8 minutes
Search methods with SIEM tools8 minutes
Follow-along guide for Wazuh setup10 minutes
Glossary: Network traffic and logs using IDs and SIEM Tools4 minutes
Portfolio Activity Exemplar: Finalize your incident handler's journal4 minutes
Reflect and connect with peers2 minutes
Course 6 glossary2 minutes
Get started on the next course 4 minutes

7 assignmentsTotal 164 minutes

Test your knowledge: Overview of logs8 minutes
Test your knowledge: Log components and formats8 minutes
Test your knowledge: Overview of intrusion detection systems (IDS) 8 minutes
Activity: Perform a query with Wazuh30 minutes
Test your knowledge: Overview of SIEM tools30 minutes
Module 4 challenge50 minutes
Portfolio Activity: Finalize your incident handler's journal30 minutes

2 app itemsTotal 40 minutes

Activity: Explore signatures and logs with Suricata30 minutes
Optional Exemplar: Explore signatures and logs with Suricata10 minutes

1 pluginTotal 10 minutes

Identify: Match log files to their file format10 minutes

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructor

Instructor ratings

(751 ratings)

Google Career Certificates

Google

386 Courses16,620,369 learners

Offered by

Google

Learner reviews

5 stars
84.17%
4 stars
11.49%
3 stars
2.84%
2 stars
0.71%
1 star
0.77%

Showing 3 of 3373

Reviewed on Jul 11, 2024

I loved this coursed and learned so much. The only thing I would have liked to see is if the all of the SIEM tools were integrated into a lab like many of the other labs are directly in the courses.

Reviewed on May 8, 2025

The professor’s teaching is excellent, making complex topics easy to understand. The study material provided is also awesome and very helpful for learning. Highly recommended!

Reviewed on Oct 16, 2023

Learnt a lot about SIEM tools and much more that are all ready to be applied in the job. Thanks a lot to Google and Coursera for such a wonderful session.

View more reviews