Cisco Learning and Certifications

Threat Analysis

This course is part of Cybersecurity Operations Fundamentals Specialization

Taught in English

1,957 already enrolled

Included with Coursera Plus

Course

Gain insight into a topic and learn the fundamentals

4.9

(13 reviews)

26 hours (approximately)
Flexible schedule
Learn at your own pace

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

65 quizzes

Course

Gain insight into a topic and learn the fundamentals

4.9

(13 reviews)

26 hours (approximately)
Flexible schedule
Learn at your own pace

See how employees at top companies are mastering in-demand skills

Placeholder

Build your subject-matter expertise

This course is part of the Cybersecurity Operations Fundamentals Specialization
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate
Placeholder
Placeholder

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

Placeholder

There are 4 modules in this course

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand Incident Analysis in a Threat-Centric SOC. By the end of the course, you will be able to: • Use the classic kill chain model to perform network security incident analysis • Describe the reconnaissance phase of the classic kill chain model • Describe the weaponization phase of the classic kill chain model • Describe the delivery phase of the classic kill chain model • Describe the exploitation phase of the classic kill chain model • Describe the installation phase of the classic kill chain mode l• Describe the command-and-control phase of the classic kill chain model • Describe the actions on objectives phase of the classic kill chain model • Describe how the kill chain model can be applied to detect and prevent ransomware • Describe using the diamond model to perform network security incident analysis • Describe how to apply the diamond model to perform network security incident analysis using a threat intelligence platform, such as ThreatConnect • Describe the MITRE ATTACK framework and its use • Walk-through the classic kill chain model and use various tool capabilities of the Security Onion Linux distribution • Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

What's included

13 videos21 readings13 quizzes1 discussion prompt

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you understand common attack vectors. By the end of the course, you will be able to: • Identify the common attack vectors • Explain DNS terminology and operations • Describe the automated discovery and registration process of the client public IP addresses via DDNS • Describe the process of recursive DNS queries • Describe HTTP operations and traffic analysis to identify anomalies in the HTTP traffic • Describe the use of and operation of HTTPS traffic • Describe the use of and operation of HTTP/2 and streams • Describe how SQL is used to query, operate, and administer relational database management systems, and how to recognize SQL based attacks• Describe how the mail delivery process works, and SMTP conversations • Describe how web scripting can be used to deliver malware • Explain the use of obfuscated JavaScript by the threat actors • Explain the use of shellcode and exploits by threat actors • Understand the three basic types of payloads within the Metasploit framework (single, stager, and stage) • Explain the use of directory traversal by the threat actors • Explain the basic concepts of SQL injection attacks • Explain the basic concepts of cross-site scripting attacks • Explain the use of Punycode by threat actors • Explain the use of DNS tunneling by threat actors • Explain the use of pivoting by threat actors • Describe website redirection with HTTP 302 cushioning • Describe how attackers can gain access via web-based attacks • Understand how threat actors use exploit kits • Describe the Emotet APT • Play the role of both attacker to simulate attacks, and the role of analyst to analyze the attacks. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

What's included

23 videos78 readings23 quizzes

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you Identify Malicious Activity. By the end of the course, you will be able to: • Explain why security analysts need to understand the network design that they are protecting • Understand the role of the design of the network that you are protecting • Define the different threat actor types • Provide an example of log data search using ELSA • Explore logging functionality in context to Linux systems • Describe how the Windows Event Viewer is used to browse and manage event logs • Describe the context of a security incident in firewall syslog messages • Describe the need for network DNS activity log analysis • Describe web proxy log analysis for investigating web-based attacks • Describe email proxy log analysis for investigating email-based attacks • Describe AAA server log analysis • Describe NGFW log analysis for incident investigation • Describe application log analysis for detecting application misuse • Describe the use of NetFlow for collecting and monitoring of network traffic flow data • Explain the use of NetFlow as a security tool • Describe network behavior anomaly monitoring for detecting deviations from the normal patterns • Describe using NetFlow for data loss detection• Explain how DNS can be used by the threat actors to perform attacks • Describe intrusion prevention system evasion techniques • Explain the Onion Router network and how to detect Tor network traffic • Describe gaining access and control in context to endpoint attacks• Describe peer-to-peer file sharing and risks • Describe encapsulation techniques including DNS tunneling • Explain how to prevent attackers from modifying a device's software image • Explore how attackers leverage DNS in their attacks • Analyze data for investigation of a security event. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

What's included

21 videos64 readings24 quizzes1 discussion prompt

If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you identify patterns of suspicious behavior. By the end of the course, you will be able to: • Explain the purpose of baselining the network activities • Explain how to use the established baseline to identify anomalies and suspicious behaviors • Explain the basic concepts of performing PCAP analysis • Explain the use of a sandbox to perform file analysis • Investigate suspicious activity using the tools within Security Onion. To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.

What's included

6 videos7 readings5 quizzes

Instructor

Cisco Learning & Certifications
12 Courses21,248 learners

Offered by

Recommended if you're interested in Security

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

Showing 3 of 13

4.9

13 reviews

  • 5 stars

    92.85%

  • 4 stars

    7.14%

  • 3 stars

    0%

  • 2 stars

    0%

  • 1 star

    0%

CB
5

Reviewed on Mar 22, 2024

New to Security? Start here.

Placeholder

Open new doors with Coursera Plus

Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Frequently asked questions