Detailed Course Outline
Course Introduction
- Introductions and course logistics
- Course objectives
Data Flows and Communication
- Hardware and software requirements
- Architecture
- Data flows
Searching Data
- Creating searches
- Analyzing events
- Search operators
- Advanced queries
Policy Components
- Rules
- Local scanner
- Sensor capabilities
Prevention Capabilities Using Rules
- Rule types
- Rule creation
- Reputation priority
- Configuring rules
- Evaluating rule impact
Processing Alerts
- Alert triage
- Alert actions
Response Capabilities
- Using quarantine
- Using live response
- Hash banning