Incident Response: Containment, Eradication and Recovery

Walking into an incident response situation can be intimidating. This course will teach you how to leverage the information gained from network and host analysis to limit the impact of the incident, and root out an attacker from your environment.

In an incident response scenario, it’s hard to know where to start. In this course, Incident Response: Detection and Analysis, you’ll learn to how to accomplish the first phase of an incident response scenario, the initial detection and analysis. First, you’ll validate and confirm that a reported event is, indeed, a security incident. Next, you’ll collect initial triage data used for developing IOC detections. Finally, you’ll learn how to assess and gather network event and host data for deeper analysis. When you’re finished with this course, you’ll have answered some initial, and critical, questions around the event, as well as come up with a lot more based on the collected triage data collected, and be able to move into the next phase of incident response.

• Root Cause and Scope 26mins
• Network Segmentation 12mins
• Eradication of Malicious Files 10mins
• Recovery 8mins
• Lessons Learned 7mins