What will you learn in Sound the Alarm: Detection and Response Course
-
Understand the incident response lifecycle: detection, containment, eradication, recovery.
-
Learn SIEM/IDS tools—Suricata, Splunk, Chronicle—and analyze log signatures.
-
Capture and inspect network traffic with Wireshark/tcpdump to uncover threats.
-
Document incident investigations with playbooks and evidence management.
Program Overview
Module 1: Introduction to Detection & Response
⏳ ~3 hours
-
Topics: Incident lifecycle and team roles; SIEM/IDS introduction.
-
Hands-on: Videos, readings, and quizzes on incident concepts and documentation.
Module 2: Network Monitoring & Packet Analysis
⏳ ~4 hours
-
Topics: Using packet sniffers, TCP/IP fundamentals, applying filters.
-
Hands-on: Labs with tcpdump/Wireshark to detect malicious traffic.
Module 3: Incident Investigation & Response
⏳ ~4 hours
-
Topics: NIST framework steps—triage, containment, eradication, recovery; chain of custody.
-
Hands-on: VirusTotal investigations and response planning via playbooks.
Module 4: Log Analysis with SIEM/IDS
⏳ ~4 hours
-
Topics: SIEM tool usage, writing signatures, analyzing Suricata logs, and Chronicle/Splunk basics.
-
Hands-on: Labs querying SIEM, comparing log formats, and building detection logic.
Get certificate
Job Outlook
-
Prepares for roles like SOC Analyst, Incident Response Specialist, and Security Operations Engineer.
-
Suitable for entry-level cybersecurity positions and SOC environments.
