Incident Response Drills for Lv.2 Analyst: Volume 1 | Udemy

English | Size: 717.81 MB
Genre: eLearning

Volume 1 – Incident Response with Logs

What you’ll learn
Strong Analytical and Problem-Solving Skills
Monitor and analyze the output from network and endpoint devices
Knowledge of log formats and the ability to aggregate and parse system and application log data for investigation purposes
Perform root cause analysis (RCA) for incidents and update the knowledge management records
Respond to cyber security incidents through remediation efforts

A security analyst performs incident response (IR) when a breach occurs in a company or organization. A cyber security incident is defined in various ways. For incidents in information-asset systems, companies generally mean that a system or application operates abnormally, or that an outsider causes an unintended event. Through cyber security incident response, the damage to the system and the cause of the incident are analyzed, and, where a crime is involved, the information needed to prove the criminal activity is collected as evidence. Industrial espionage, in which an internal employee steals confidential documents or key drawings for a competitor or an overseas party, falls into the legal forensics area needed for legal disputes.

This course covers investigation tips and guides for level 2 analysts. Usually we use a variety of tools to identify threats from security logs such as web application logs, IDS alerts and network packets. In this lab you will do practical exercises to find the cause of a problem with 3 types of logs. All logs were derived from real-world incidents.

Unnecessary columns were filtered out of the IDS logs for your exercise. Each record provides Date Time, Tag Name, Source IP, Source Port, Destination IP and Destination Port.
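As an added example (not course material), here is how a level 2 analyst might parse an IDS log with exactly these six columns and aggregate it per source IP to see which source raised the most alerts, against which tags and destination ports. The tab-separated layout and the sample rows are assumptions, not the course's lab data.

```python
"""Parse and aggregate a filtered IDS log with the six columns the course lists
(Date Time, Tag Name, Source IP, Source Port, Destination IP, Destination Port).
Added example; the tab-separated layout and sample rows are constructed."""
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample log (not from the course). The last row is deliberately
# malformed (bad timestamp and port) to show that triage skips it.
SAMPLE_IDS_LOG = """\
Date Time\tTag Name\tSource IP\tSource Port\tDestination IP\tDestination Port
2021-03-01 09:00:01\tWEB-ATTACK SQLi\t203.0.113.10\t51000\t10.0.0.5\t80
2021-03-01 09:00:02\tWEB-ATTACK SQLi\t203.0.113.10\t51001\t10.0.0.5\t80
2021-03-01 09:00:05\tSCAN Nmap\t203.0.113.10\t51002\t10.0.0.5\t22
2021-03-01 09:00:06\tSCAN Nmap\t203.0.113.10\t51003\t10.0.0.5\t443
2021-03-01 09:05:00\tPOLICY Cleartext\t198.51.100.7\t40000\t10.0.0.9\t21
2021-03-01 09:05:xx\tPOLICY Cleartext\t198.51.100.7\t40001\t10.0.0.9\tftp
"""

def parse_ids_log(text):
    """Yield one dict per alert; rows with a bad timestamp or port are skipped."""
    reader = csv.DictReader(StringIO(text), delimiter="\t")
    for row in reader:
        try:
            yield {
                "ts": datetime.strptime(row["Date Time"], "%Y-%m-%d %H:%M:%S"),
                "tag": row["Tag Name"],
                "src": row["Source IP"],
                "sport": int(row["Source Port"]),
                "dst": row["Destination IP"],
                "dport": int(row["Destination Port"]),
            }
        except (KeyError, ValueError):
            continue  # malformed line: skip it rather than abort the triage

def summarize_by_source(text):
    """Per source IP: alert count, distinct tags, distinct destination ports and
    first/last seen, sorted so the noisiest source comes first."""
    stats = defaultdict(lambda: {"alerts": 0, "tags": set(), "dports": set(),
                                 "first": None, "last": None})
    for a in parse_ids_log(text):
        s = stats[a["src"]]
        s["alerts"] += 1
        s["tags"].add(a["tag"])
        s["dports"].add(a["dport"])
        s["first"] = a["ts"] if s["first"] is None else min(s["first"], a["ts"])
        s["last"] = a["ts"] if s["last"] is None else max(s["last"], a["ts"])
    return sorted(stats.items(), key=lambda kv: kv[1]["alerts"], reverse=True)
```

A source that hits many distinct tags and destination ports in a short window is the first candidate for a closer look in the web and packet logs.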

The web logs are in Microsoft Internet Information Services (IIS) format, with unnecessary rows filtered out for your exercise. You will use 2 different log analysis tools: Log Parser and Splunk.

Network packet logs were captured from an attack scenario reproduced in the lab environment.

The course will not cover the legal forensics domain. We will look at the basic knowledge and tools needed to work as a level 2 analyst, and learn how to use analysis tools through hands-on practice. We will also review, from a practical point of view, the intrusion analysis methods required for intrusion response and analysis tasks in a company. The basic task of a security analyst is to respond to security threats based on an understanding of network communication and applications: the analyst examines the threat logs generated by various security devices to find attackers trying to break in, and directly changes the settings of those devices to block the attacks.

Who this course is for:
Security incident responders who want to learn about security incidents caused by mistakes server administrators easily make, and to think about preventive measures.
Security team analysts who need to find and investigate the attack vectors on a system in the event of a security incident.
Security or development teams struggling with recurring security incidents even though the system is continually reinstalled.
