From the course: CompTIA SecurityX (CAS-005) Cert Prep
Join today to access over 24,300 courses taught by industry experts.
Detection and threat hunting
From the course: CompTIA SecurityX (CAS-005) Cert Prep
Detection and threat hunting
“
- For this lesson, I'm going to do a web Safari up to Splunk, powered by Cisco. Splunk Enterprise is probably the defacto tool we can use for SIEM systems and SOAR systems for threat hunting, for visibility. And so, I want you to familiarize yourself with this product. If you don't want to look at this product, then you might want to take a look at something like Azure Sentinel, which you would use maybe in a hybrid cloud solution. But you can see on this diagram here, we can use this Splunk solution with third-party tools. We can use it in the public cloud, we can use it in our own on-prem data center. Maybe we have our own private cloud where we have our own hypervisors, our own devices, and even with custom and third-party apps and services. So the core areas here are events, logs, metrics, and traces. These are the events and informational data that's collected by a SIEM system, and then the actions are to manage, search, federate, and automate. And we can have different types of…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Watch this course anytime, anywhere.
Get started with a free trial today.
Contents
-
-
(Locked)
Module 1: Governance, risk, and compliance introduction1m 32s
-
(Locked)
Learning objectives26s
-
(Locked)
Security program documentation6m 2s
-
Security program management14m 35s
-
(Locked)
Governance frameworks2m 25s
-
(Locked)
Change and configuration management5m 37s
-
(Locked)
Governance, risk, and compliance (GRC) tools4m 49s
-
(Locked)
Data governance in staging environments5m 38s
-
(Locked)
-
-
(Locked)
Learning objectives28s
-
(Locked)
Impact analysis2m 34s
-
(Locked)
Risk assessment and management11m 39s
-
(Locked)
Third-party risk management4m 54s
-
(Locked)
Availability risk considerations9m 56s
-
(Locked)
Confidentiality risk considerations9m 58s
-
(Locked)
Integrity risk considerations5m 30s
-
(Locked)
Privacy risk considerations6m 7s
-
Crisis management and breach response6m 40s
-
(Locked)
-
-
(Locked)
Learning objectives26s
-
(Locked)
Awareness of industry-specific compliance4m 7s
-
(Locked)
Industry standards2m 20s
-
Security and reporting frameworks5m 18s
-
(Locked)
Audits vs. assessments vs. certifications5m 4s
-
(Locked)
Privacy regulations3m 26s
-
(Locked)
Cross-jurisdictional compliance requirements10m 15s
-
(Locked)
-
-
(Locked)
Module 2: Security architecture introduction2m 33s
-
(Locked)
Learning objectives27s
-
(Locked)
Next-generation firewalls2m 2s
-
Intrusion detection/prevention systems7m 8s
-
(Locked)
VPNs and SDPs10m 50s
-
(Locked)
Network access control (NAC)4m 20s
-
(Locked)
Web application firewalls (WAF)2m 47s
-
(Locked)
Content delivery networks (CDN)3m 36s
-
(Locked)
Scanners, proxies, taps, and collectors8m 4s
-
(Locked)
Availability and integrity design considerations14m 27s
-
(Locked)
-
-
(Locked)
Learning objectives29s
-
(Locked)
Security requirements definition4m 37s
-
(Locked)
Software assurance9m 18s
-
(Locked)
Continuous integration/continuous deployment (CI/CD)11m 47s
-
Supply chain risk management4m 13s
-
(Locked)
Hardware assurance3m 20s
-
(Locked)
End-of-life (EOL) considerations1m 20s
-
(Locked)
-
-
(Locked)
Learning objectives30s
-
(Locked)
Attack surface management and reduction5m 59s
-
(Locked)
Detection and threat hunting2m 10s
-
(Locked)
Information and data security design3m 18s
-
(Locked)
Data loss prevention (DLP)3m 33s
-
Securing hybrid infrastructures4m 45s
-
(Locked)
Securing third-party integrations2m 53s
-
(Locked)
Assessing control effectiveness5m 41s
-
(Locked)
-
-
(Locked)
Learning objectives32s
-
(Locked)
Provisioning, proofing, and deprovisioning9m 34s
-
(Locked)
Access control systems4m 58s
-
(Locked)
Federation and SSO8m 11s
-
Zero trust PDPs and PEPs6m 31s
-
(Locked)
Access control models12m 8s
-
(Locked)
Public key infrastructure (PKI)11m 15s
-
(Locked)
Logging and auditing access control2m 50s
-
(Locked)
-
-
(Locked)
Learning objectives37s
-
(Locked)
Cloud service types and shared responsibility8m 6s
-
(Locked)
Cloud control strategies4m 2s
-
(Locked)
Serverless cloud solutions12m 28s
-
(Locked)
Infrastructure as code (IaC)3m 13s
-
(Locked)
Container security6m 4s
-
(Locked)
API security3m 54s
-
(Locked)
Cloud access security brokers (CASB)5m 3s
-
(Locked)
Key management services3m 49s
-
(Locked)
Cloud connectivity, integration, and adoption9m 8s
-
(Locked)
-
-
(Locked)
Learning objectives39s
-
Zero trust principles4m 55s
-
(Locked)
Defining subject-object relationships4m 9s
-
(Locked)
Continuous authorization and context-based reauthentication3m 41s
-
(Locked)
Zero trust network architecture4m 38s
-
(Locked)
API integration and validation3m 11s
-
(Locked)
Asset identification, management, and attestation2m 37s
-
(Locked)
Security boundaries and deperimeterization4m 20s
-
(Locked)
-
-
(Locked)
Module 3: Security engineering introduction4m 9s
-
(Locked)
Learning objectives33s
-
Subject access control7m 38s
-
(Locked)
Authentication and authorization16m 49s
-
(Locked)
Biometric factors14m 5s
-
(Locked)
Secrets management2m 42s
-
(Locked)
Conditional access6m 28s
-
(Locked)
Privileged identity management and attestation4m 22s
-
(Locked)
Cloud IAM access and trust policies3m 8s
-
(Locked)
Logging and monitoring IAM2m 36s
-
(Locked)
-
-
(Locked)
Learning objectives46s
-
(Locked)
Host-based IDS and IPS3m 55s
-
(Locked)
Endpoint detection and response (EDR)1m 51s
-
(Locked)
Next-generation EDR2m 12s
-
(Locked)
Attack surface monitoring and reduction4m 41s
-
(Locked)
Antimalware2m 55s
-
(Locked)
Host-based firewall and browser isolation3m 26s
-
(Locked)
SELinux3m 20s
-
(Locked)
Configuration management and application control7m 58s
-
(Locked)
Enterprise mobility management (MDM and MAM)6m 26s
-
Threat actor tactics, techniques, and procedures (TTPs)3m 17s
-
(Locked)
-
-
(Locked)
Learning objectives29s
-
(Locked)
Network misconfigurations10m 2s
-
(Locked)
IDS and IPS issues5m 15s
-
(Locked)
Domain name system (DNS) security6m 34s
-
(Locked)
Email security8m 13s
-
(Locked)
TLS and PKI issues4m 8s
-
(Locked)
Denial of service issues3m 29s
-
(Locked)
Network access control list (ACL) issues5m 3s
-
(Locked)
-
-
(Locked)
Learning objectives33s
-
(Locked)
Threat actor TTPs8m 47s
-
(Locked)
Roots of trust6m 42s
-
(Locked)
Security coprocessors4m 37s
-
(Locked)
Virtual and self-healing hardware3m 24s
-
(Locked)
Secure and measured boot3m 12s
-
(Locked)
Host-based encryption and self-encrypting drive (SED)3m 3s
-
(Locked)
Tamper detection and countermeasures4m 4s
-
(Locked)
-
-
(Locked)
Learning objectives38s
-
(Locked)
Characteristics of specialized and legacy systems4m 25s
-
(Locked)
Operational technology (OT)4m 42s
-
(Locked)
Internet of things (IoT)3m 17s
-
(Locked)
Embedded systems and system-on-chip (SoC)2m 22s
-
(Locked)
Wireless technologies and radio frequency (RF)7m 42s
-
(Locked)
Security and privacy considerations6m 47s
-
(Locked)
Industry-specific challenges7m
-
(Locked)
-
-
(Locked)
Learning objectives40s
-
(Locked)
Scripting and event-based triggers5m 6s
-
(Locked)
Infrastructure as code (IaC)2m 59s
-
Configuration files2m 31s
-
(Locked)
Cloud APIs andsoftware development kits (SDKs)4m 44s
-
(Locked)
Generative AI2m 30s
-
(Locked)
Containerization2m 56s
-
(Locked)
Automated patching and auto-containment4m 16s
-
(Locked)
Security orchestration, automation, and response (SOAR)7m 19s
-
(Locked)
Security content automation protocol (SCAP)7m 7s
-
(Locked)
-
-
(Locked)
Learning objectives35s
-
(Locked)
Post-quantum cryptography (PQC)5m 56s
-
(Locked)
Key stretching and splitting6m 18s
-
(Locked)
Homomorphic and envelope encryption2m 30s
-
(Locked)
Forward secrecy2m 52s
-
(Locked)
Authenticated encryption with associated data (AEAD)3m 18s
-
Hardware acceleration4m 28s
-
(Locked)
Mutual authentication and secure multiparty computation2m 51s
-
(Locked)
-
-
(Locked)
Learning objectives43s
-
(Locked)
Data in transit, rest, and use5m 32s
-
(Locked)
Data sanitization and anonymization7m 11s
-
(Locked)
Secure email with cryptography1m 43s
-
(Locked)
Non-repudiation5m 49s
-
(Locked)
Immutable databases and blockchain4m 55s
-
(Locked)
Legal, regulatory, and privacy considerations3m 49s
-
(Locked)
Passwordless authentication2m 19s
-
(Locked)
Software provenance and code integrity3m 40s
-
(Locked)
Survey of cryptographic techniques11m 57s
-
(Locked)
-
-
(Locked)
Module 4: Security operations introduction2m 7s
-
(Locked)
Learning objectives26s
-
(Locked)
Security information event management (SIEM)2m 47s
-
Aggregate data analysis5m 35s
-
(Locked)
Behavior baselines and analytics7m 48s
-
(Locked)
Incorporating diverse data sources11m 10s
-
(Locked)
Security alerting for data6m 16s
-
(Locked)
Reporting and metrics2m 39s
-
(Locked)
-
-
(Locked)
Learning objectives30s
-
(Locked)
Injection attacks6m 44s
-
(Locked)
Request forgery5m 53s
-
(Locked)
Unsafe memory utilization5m 28s
-
(Locked)
Race conditions5m 36s
-
(Locked)
Insecure configurations and improper patching7m 48s
-
(Locked)
Deserialization and confused deputy vulnerabilities5m 8s
-
(Locked)
Weak ciphers2m 12s
-
(Locked)
-
-
(Locked)
Learning objectives36s
-
(Locked)
Input validation, output encoding, and indexing6m 31s
-
Safe functions2m 55s
-
(Locked)
Updating and patching2m 11s
-
(Locked)
Security design patterns2m 43s
-
(Locked)
Least privilege, defense in depth, and segregation of duties6m 47s
-
(Locked)
Fail secure and fail safe5m 54s
-
(Locked)
Secrets management3m 8s
-
(Locked)
Encryption and code signing4m 3s
-
(Locked)
-
-
(Locked)
Learning objectives33s
-
(Locked)
Internal intelligence sources11m 15s
-
(Locked)
External intelligence sources4m 54s
-
(Locked)
Counterintelligence and operational security4m 40s
-
(Locked)
Threat intelligence platforms (TIPs)2m 51s
-
(Locked)
Indicator of compromise (IoC) sharing3m 19s
-
Indicators of attack3m 13s
-
(Locked)
Rule-based languages7m 36s
-
(Locked)
-
-
(Locked)
Learning objectives31s
-
(Locked)
Malware analysis9m 30s
-
(Locked)
Hardware analysis5m 29s
-
(Locked)
Reverse engineering3m 53s
-
(Locked)
Data recovery and extraction7m 42s
-
(Locked)
Root cause analysis and threat response8m 26s
-
Preparedness exercises6m 8s
-
(Locked)
Cloud workload protection program (CWPP)2m 2s
-
(Locked)