Conducting Threat Hunting and Defending using Cisco Technologies for Cybersecurity (CBRTHD)

Duration: 5 Days

Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) is a Cisco threat hunting training that introduces and guides you through proactive searches across networks, endpoints, and datasets for malicious, suspicious, and risky activity that may have evaded detection by existing tools.
Course Objectives
  • Define threat hunting and identify core concepts used to conduct threat hunting investigations
  • Examine threat hunting investigation concepts, frameworks, and threat models
  • Define cyber threat hunting process fundamentals
  • Define threat hunting methodologies and procedures
  • Describe network-based threat hunting
  • Identify and review endpoint-based threat hunting
  • Identify and review endpoint memory-based threats and develop endpoint-based threat detection
  • Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
  • Describe the process of threat hunting from a practical perspective
  • Describe the process of threat hunt reporting
Target Audience
  • Security Operations Center staff
  • Security Operations Center (SOC) Tier 2 Analysts
  • Threat Hunters
  • Cyber Threat Analysts
  • Threat Managers
  • Risk Managers
Course Prerequisites

The knowledge and skills you are expected to have before attending this training are:

  • General knowledge of networks
  • Cisco CCNP Security certification

These skills can be found in the following Cisco Learning Offerings:

  • Implementing and Administering Cisco Solutions (CCNA)
  • Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Performing CyberOps Using Cisco Security Technologies (CBRCOR)
  • Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps (CBRFIR)
Course Outline
Threat Hunting Theory 
  • Threat Hunting Concepts
  • Threat Hunting Types
  • Conventional Threat Detection vs Threat Hunting
Threat Hunting Concepts, Frameworks and Threat Models 
  • Cybersecurity Concepts
  • Common Threat Hunting Platforms
  • Threat Hunting Frameworks
  • Threat Modeling
  • Case Study: Use the PASTA Threat Model
Threat Hunting Process Fundamentals 
  • Threat Hunting Approaches
  • Threat Hunting Tactics and Threat Intelligence
  • Defining Threat Hunt Scope and Boundaries
  • Planning the Threat Hunt Process
Threat Hunting Methodologies and Procedures 
  • Investigative Thinking
  • Identify Common Anomalies
  • Analyze Device and System Logs
  • Determine the Best Threat Hunt Methods
  • Automate the Threat Hunting Process
Network-Based Threat Hunting 
  • Operational Security Considerations
  • Performing Network Data Analysis and Detection Development
  • Performing Threat Hunting in the Cloud
Endpoint-Based Threat Hunting 
  • Threat Hunting for Endpoint-Based Threats
  • Acquiring Data from Endpoints
  • Performing Host-Based Analysis
Endpoint-Based Threat Detection Development
  • Analyze Endpoint Memory
  • Examining Systems Memory Using Forensics
  • Developing Endpoint Detection Methods
  • Uncovering New Threats, Indicators and Building TTPs
Threat Hunting with Cisco Tools 
  • Threat Hunting with Cisco Tools
  • Cisco XDR Components
Threat Hunting Investigation Summary: A Practical Approach 
  • Conducting a Threat Hunt
Reporting the Aftermath of a Threat Hunt Investigation 
  • Measure the Success of a Threat Hunt
  • Report Your Findings
  • Threat Hunting Outcomes
Lab Outline
  • Categorize Threats with MITRE ATT&CK Tactics and Techniques
  • Compare Techniques Used by Different APTs with MITRE ATT&CK Navigator
  • Model Threats Using MITRE ATT&CK and D3FEND
  • Prioritize Threat Hunting Using the MITRE ATT&CK Framework and Cyber Kill Chain
  • Determine the Priority Level of Attacks Using MITRE CAPEC
  • Explore the TaHiTI Methodology
  • Perform Threat Analysis Searches Using OSINT
  • Attribute Threats to Adversary Groups and Software with MITRE ATT&CK
  • Emulate Adversaries with MITRE Caldera
  • Find Evidence of Compromise Using Native Windows Tools
  • Hunt for Suspicious Activities Using Open-Source Tools and SIEM
  • Capture Network Traffic
  • Extract IOCs from Network Packets
  • Use the ELK Stack to Hunt Large Volumes of Network Data
  • Analyze Windows Event Logs and Map Them to the MITRE ATT&CK Matrix
  • Endpoint Data Acquisition
  • Inspect Endpoints with PowerShell
  • Perform Memory Forensics with Velociraptor
  • Detect Malicious Processes on Endpoints
  • Identify Suspicious Files Using Threat Analysis
  • Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
  • Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
  • Initiate, Conduct, and Conclude a Threat Hunt