- Duration: 3h 47m
- Difficulty: Novice
- Instructor: Brian Olliff
- Videos: 10
- Quizzes: 8
- CPE Credits: 5
- Published: Jul 16, 2024
- Updated: Feb 18, 2026
Intrusion Analysis Overview
The Cisco CCNA Cybersecurity certification covers a wide range of topics, from incident response and SOC operations to intrusion analysis and threat hunting. In this course, we’ll be focusing on a general overview of intrusion analysis and incident response. We’ll take a look at the planning that goes into incident response, including recommended policies that should be a part of any incident response plan. From there, we’ll go over the actual incident response process and the common activities in each phase of incident response, including how information sharing factors into the process. We will then talk about different types of common incident response teams, from the smaller internal IR teams in organizations to the national CERTs. We’ll wrap up the incident response section by looking at common security event artifacts that are frequently seen in many types of events. From there, we’ll look at threat hunting, starting with an overview of what threat hunting is and why it’s useful, and then the threat hunting process and steps, including how organizations can gauge the maturity level of their threat hunting programs. We’ll then wrap up the course by looking at the MITRE ATT&CK framework: what it is and how it can be used to assist in threat hunting programs, as well as with incident response and intrusion analysis.
Course Curriculum
Introduction
1 video
Incident Response
5 videos • 5 quizzes
Threat Hunting
3 videos • 3 quizzes
Conclusion
1 video
