جستجو برای:
  • تقویم آموزشی
  • آموزش
    • آموزش آنلاین
    • آموزش آفلاین
  • لابراتوار آنلاین
  • وبینارها
    • پایتون برای هر چیزی
    • وبینار معرفی پیش نیاز های دوره های امنیت
    • وبینار معرفی دوره جامع Cisco Collaboration
    • وبینار معرفی دوره مهندسی پایتون
    • ذهنیت ها و تکنیک های چابکی برای توانمندسازی it
    • راه اندازی IP Telephony سیسکو در شبکه های سازمانی
    • وبینار Infrastructure as Code
    • وبینار امنیت سیستم های کنترل صنعتی
    • وبینار معرفی مرکز عملیات امنیت
    • وبینار ربات نویسی تلگرام با پایتون
    • وبینار نفوذ و گرفتن دسترسی از تلگرام
    • وبینار اصول نظارت بر شبکه های مخابراتی با رویکرد رگولاتوری
    • وبینار CSCU
    • وبینار Container on Wheels
    • وبینار مسیر آموزشی SANS
    • وبینار پدافند غیرعامل
    • وبینار Wazuh
  • بین الملل
    • ورود و ثبت نام کاربران
    • آموزشگاه های بین المللی
    • آزمون های بین المللی
  • دوره ها
    • امنیت
      • EC-Council
      • F5
      • Fortinet
      • ISACA
      • ISC2
      • Juniper
      • Payment Security
      • SANS
      • SCADA
      • Secure coding
      • SOC
      • Splunk
    • بانک اطلاعاتی
      • Oracle
      • SQL Server
    • برنامه نویسی
      • IOS
      • programming & Web
    • ذخیره و بازیابی اطلاعات
      • Big Data
      • EMC
      • HP
      • Netbackup
      • veeam
    • شبکه
      • Cisco Old Level
      • Cisco New Level
      • CompTIA
      • EPI
      • Linux
      • Microsoft
      • Mikrotik
      • SolarWinds
    • کارکنان دولت
    • مجازی سازی
      • Cloud computing
      • Hyper-V
      • VMWare
      • AWS
      • Azure
    • Devops
    • مخابرات
    • مدیریت فناوری اطلاعات
      • ISO 27001
      • IT Management
      • Project Management
    • ارزهای دیجیتال
    • ویژه دوران
      • کارگاه ها و سمینارها
      • محصولات دوران
  • کتابخانه
  • پادکست
  • ویدئوها
 
  • 02143585
  • دعوت به همکاری
  • درباره ما
  • تماس با ما
  • گروه دوران
  • دورتال
  • بلاگ
دوران آکادمی
دسته بندی‌ دوره‌ها
  • شبکه
    • Microsoft
    • SolarWinds
    • CompTIA
    • Cisco Old Level
      • Cisco New Level
    • Mikrotik
    • Linux
    • EPI
  • مخابرات
    • مخابرات
  • امنیت
    • ISC2
    • F5
    • EC-Council
    • Juniper
    • SOC
    • Fortinet
    • SANS
    • SCADA
    • ISACA
    • Secure coding
    • Payment Security
    • Splunk
  • مجازی سازی
    • Hyper-V
    • Cloud computing
    • VMWare
    • AWS
    • Azure
  • Devops
    • Devops
  • مدیریت فناوری اطلاعات
    • ISO 27001
    • IT Management
    • Project Management
  • برنامه نویسی
    • IOS
    • programming & Web
  • ذخیره و بازیابی اطلاعات
    • Big Data
    • HP
    • EMC
    • Netbackup
    • veeam
  • بانک اطلاعاتی
    • Oracle
    • SQL Server
  • دیجیتال مارکتینگ
    • دیجیتال مارکتینگ
  • ارزهای دیجیتال
    • ارزهای دیجیتال
  • ویژه دوران
    • کارگاه ها و سمینارها
    • محصولات دوران
    • کارکنان دولت
0

ورود و ثبت نام

  • صفحه اصلی
  • تقویم آموزشی
  • آموزش آنلاین
  • لابراتوار آنلاین
  • وبینارها
    • پایتون برای هر چیزی
    • وبینار معرفی پیش نیاز های دوره های امنیت
    • وبینار معرفی دوره جامع Cisco Collaboration
    • وبینار معرفی دوره مهندسی پایتون
    • ذهنیت ها و تکنیک های چابکی برای توانمندسازی it
    • راه اندازی IP Telephony سیسکو در شبکه های سازمانی
    • وبینار Infrastructure as Code
    • وبینار امنیت سیستم های کنترل صنعتی
    • وبینار معرفی مرکز عملیات امنیت
    • وبینار ربات نویسی تلگرام با پایتون
    • وبینار نفوذ و گرفتن دسترسی از تلگرام
    • اصول نظارت بر شبکه های مخابراتی
    • وبینار CSCU
    • وبینار Container on Wheels
    • وبینار مسیر آموزشی SANS
    • وبینار پدافند غیرعامل
    • وبینار Wazuh
  • بین الملل
    • آموزشگاه های بین المللی
    • آزمون های بین المللی
  • فرم پیش ثبت نام
  • کتابخانه
  • پادکست
  • ویدئوها

دوره آموزش Blue Team Operations Level2

خانهامنیتSANSدوره آموزش Blue Team Operations Level2
blue team operations - part2
حالت مطالعه

Blue Team or Cyber Defense Package (Level2) Syllabus

Package Duration : 120 H

SEC511,SEC530,SEC555

 

SEC511: Continuous Monitoring and Security Operations

SEC511.1 : Current State Assessment , Security Operations Center ,and Security

  • Traditional Security Architecture
    • Perimeter-focused
    • Addressed Layer 3/4
    • Centralized Information Systems
    • Prevention-Oriented
    • Device-driven
    • Traditional Attack Techniques

     

  • Modern Security Architecture Principles
    • Detection-oriented
    • Post-Exploitation-focused
    • Decentralized Information Systems/Data
    • Risk-informed
    • Layer 7 Aware
    • Security Operations Centers
    • Network Security Monitoring
    • Continuous Security Monitoring
    • Modern Attack Techniques
    • Adversarial Dominance
  • Frameworks and Enterprise Security Architecture
    • Enterprise Security Architecture
    • Security Frameworks
  • Security Architecture – Key Techniques/Practices
    • Threat Vector Analysis
    • Data Exfiltration Analysis
    • Detection Dominant Design
    • Intrusion Kill Chain
    • Visibility Analysis
    • Data Visualization
    • Lateral Movement Analysis
    • Data Ingress/Egress Mapping
    • Internal Segmentation
    • Network Security Monitoring
    • Continuous Security Monitoring
  • Security Operations Center (SOC)
    • Purpose of a SOC
    • Key SOC roles
    • Relationship to Defensible Security Architecture

SEC511.2 : Network Security Architecture

  • SOCs/Security Architecture – Key Infrastructure Devices
    • Traditional and Next- Generation Firewalls, and NIPS
    • Web Application Firewall
    • Malware Detonation Devices
    • HTTP Proxies, Web Content Filtering, and SSL/TLS Decryption
    • SIEMs, NIDS, Packet Captures, and DLP
    • Honeypots/Honeynets
    • Network Infrastructure – Routers, Switches, DHCP, DNS
    • Mobile Devices and Wireless Access Points
    • Threat Intelligence
  • Segmented Internal Networks
    • Routers
    • Internal SI Firewalls
    • VLANs
    • Detecting the Pivot
    • DNS architecture
    • Encrypted DNS including DNS over HTTPS (DoH) and DNS over TLS (DoT)
  • Defensible Network Security Architecture Principles Applied
    • Internal Segmentation
    • Threat Vector Analysis
    • Data Exfiltration Analysis
    • Detection Dominant Design
    • Zero Trust Model (Kindervag)
    • Intrusion Kill Chain
    • Visibility Analysis
    • Data Visualization
    • Lateral Movement Analysis
    • Data Ingress/Egress Mapping

SEC511.3 : Network Security Monitoring

  • Continuous Monitoring Overview
    • Defined
    • Network Security Monitoring (NSM)
    • Continuous Security Monitoring (CSM)
    • Continuous Monitoring and the 20 Critical Security Controls
  • Network Security Monitoring (NSM)
    • Evolution of NSM
    • The NSM Toolbox
    • NIDS Design
    • Analysis Methodology
    • Understanding Data Sources
      • Full Packet Capture
      • Extracted Data
      • String Data
      • Flow Data
      • Transaction Data
      • Statistical Data
      • Alert Data
      • Tagged Data
      • Correlated Data
    • Cloud NSM
    • Practical NSM Issues
    • Cornerstone NSM
      • Service-Side and Client-Side Exploits
      • Identifying High-Entropy Strings
      • Tracking EXE Transfers
      • Identifying Command and Control (C2) Traffic
      • Tracking User Agents
      • C2 via HTTPS
      • Tracking Encryption Certificates

SEC511.4 : Endpoint Security Architecture

  • Security Architecture – Endpoint Protection
    • Anti-Malware
    • Host-based Firewall, Host-based IDS/IPS
    • Application Control, Application Virtualization
    • Privileged Accounts, Authentication, Monitoring, and UAC
    • Virtual Desktop Infrastructure
    • Browser Security
    • EMET and Defender Exploit Guard
  • Patching
    • Process
    • To Test or Not to Test
    • Microsoft
    • Third-Party

SEC511.5 : Automation and Continuous Security Monitoring

  • Overview
    • Continuous Security Monitoring (CSM) vs. Continuous Diagnostics and Mitigation (CDM) vs. Information Security Continuous Monitoring (ISCM)
    • Cyberscope and SCAP
  • Industry Best Practices
    • Continuous Monitoring and the 20 CIS Critical Security Controls
    • Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions
  • Winning CSM Techniques
  • Maintaining Situational Awareness
  • Host, Port, and Service Discovery
  • Vulnerability Scanning
  • Monitoring Patching
  • Monitoring Applications
  • Monitoring Service Logs
    • Detecting Malware via DNS logs
  • Monitoring Change to Devices and Appliances
  • Leveraging Proxy and Firewall Data
  • Configuring Centralized Windows Event Log Collection
  • Monitoring Critical Windows Events
    • Hands-on: Detecting Malware via Windows Event Logs
  • Scripting and Automation
    • Importance of Automation
    • PowerShell
    • DeepBlueCLI
    • Hands-on: Detecting Malicious Registry Run Keys with PowerShell

 

SEC530: Defensible Security Architecture and Engineering

SEC530.1 : Defensible Security Architecture and Engineering

  • Traditional Security Architecture Deficiencies
    • Emphasis on Perimeter/Exploitation
    • Lack of a True Perimeter (“De-perimeterization” as a Result of Cloud/Mobile)
    • The Internet of Things
    • Predominantly Network-centric
  • Defensible Security Architecture
    • Mindset
      • Presumption of Compromise
      • De-perimeterization
      • Predominantly Network-centric
    • Models
      • Zero-Trust Model (Kindervag – Forrester)
      • Intrusion Kill Chain
      • Diamond Model of Intrusion Analysis
    • Software-defined Networking and Virtual Networking
    • Micro-Segmentation
  • Threat, Vulnerability, and Data Flow Analysis
    • Threat Vector Analysis
      • Data Ingress Mapping
    • Data Exfiltration Analysis
      • Data Egress Mapping
    • Detection Dominant Design
    • Attack Surface Analysis
    • Visibility Analysis
  • Layer 1 Best Practices
    • Network Closets
    • Penetration Testing Dropboxes
    • USB Keyboard Attacks (Rubber Ducky)
  • Layer 2 Best Practices
    • VLANs
      • Hardening
      • Private VLANs
    • Layer 2 Attacks and Mitigation
  • NetFlow
    • Layer 2 and 3 NetFlow
    • NetFlow, Sflow, Jflow, VPC Flow, Suricata and Endpoint Flow

SEC530.2 : Network Security Architecture and Engineering

  • Layer 3: Router Best Practices
    • CIDR and Subnetting
  • Layer 3 Attacks and Mitigation
    • IP Source Routing
    • ICMP Attacks
    • Unauthorized Routing Updates
    • Securing Routing Protocols
    • Unauthorized Tunneling (Wormhole Attack)
  • Layer 2 and 3 Benchmarks and Auditing Tools
    • Baselines
      • CISecurity
      • Cisco’s Best Practices
      • Cisco Autosecure
      • DISA STIGs
      • Nipper-ng
    • Securing SNMP
      • SNMP Community String Guessing
      • Downloading the Cisco IOS Config via SNMP
      • Hardening SNMP
      • SNMPv3
    • Securing NTP
      • NTP Authentication
      • NTP Amplification Attacks
    • Bogon Filtering, Blackholes, and Darknets
      • Bogon Filtering
      • Monitoring Darknet Traffic
      • Building an IP Blackhole Packet Vacuum
    • IPv6
      • Dual-Stack Systems and Happy Eyeballs
      • IPv6 Extension Headers
      • IPv6 Addressing and Address Assignment
    • Securing IPv6
      • IPv6 Firewall Support
      • Scanning IPv6
      • IPv6 Tunneling
      • IPv6 Router Advertisement Attacks and Mitigation
    • VPN
      • Path MTU Issues
      • Fragmentation Issues Commonly Caused by VPN
    • Layer 3/4 Stateful Firewalls
      • Router ACLs
      • Linux and BSD Firewalls
      • pfSense
      • Stateful
    • Proxy
      • Web Proxy
      • SMTP Proxy
        • Augmenting with Phishing Protection and Detection Mechanisms
      • Explicit vs. Transparent
      • Forward vs. Reverse

SEC530.3 : Network-Centric Security

  • NGFW
    • Application Filtering
    • Implementation Strategies
  • NIDS/NIPS
    • IDS/IPS Rule Writing
    • Snort
    • Suricata
    • Bro
  • Network Security Monitoring
    • Power of Network Metadata
    • Know Thy Network
  • Sandboxing
    • Beyond Inline
    • Integration with Endpoint
    • Feeding the Sandbox Potential Specimens
    • Malware Detonation Devices
  • Encryption
    • The “Encrypt Everything” Mindset
      • Internal and External
    • Free SSL/TLS Certificate Providers
    • SSL/SSH Inspection
    • SSL/SSH Decrypt Dumps
    • SSL Decrypt Mirroring
    • Certificate Pinning
      • Malware Pins
    • HSTS
    • Crypto Suite Support
      • Qualys SSL Labs
    • Secure Remote Access
      • Access into Organization
      • Dual Factor for All Remote Access (and More)
        • Google Authenticator/TOTP: Open Authentication
      • IPSec VPNs
      • SSH VPNs
      • SSL/TLS VPN
      • Jump Boxes
    • Distributed Denial-of-Service
      • Impact of Internet of Things
      • Types of Attacks
      • Mitigation Techniques

SEC530.4 : Data-Centric Security

  • Application (Reverse) Proxies
  • Full Stack Security Design
    • Web Server
    • App Server
    • DB Server
  • Web Application Firewalls
    • Whitelisting and Blacklisting
    • WAF Bypass
    • Normalization
    • Dynamic Content Routing
  • Database Firewalls/Database Activity Monitoring
    • Data Masking
    • Advanced Access Controls
    • Exfiltration Monitoring
  • File Classification
    • Data Discovery
      • Scripts vs. Software Solutions
      • Find Sensitive Data in Databases or Files/Folders
      • Advanced Discovery Techniques such as Optical Character Recognition Scanning of Pictures and Saved Scan Files
    • Methods of Classification
    • Dynamic Access Control
  • Data Loss Prevention (DLP)
    • Network-based
    • Endpoint-based
    • Cloud Application Implementations
  • Data Governance
    • Policy Implementation and Enforcement
    • Access Controls vs. Application Enforcement and Encryption
    • Auditing and Restrictions
  • Mobile Device Management (MDM) and Mobile Application Management (MAM)
    • Security Policies
    • Methods for Enforcement
    • End-user Experience and Impact
  • Private Cloud Security
    • Securing On-premises Hypervisors (vSphere, Xen, Hyper-V)
    • Network Segmentation (Logical and Physical)
    • VM Escape
    • Surface Reduction
    • Visibility Advantages
  • Public Cloud Security
    • SaaS vs. PaaS vs. IaaS
    • Shared Responsibility Implications
    • Cloud Strengths and Weaknesses
    • Data Remanence and Lack of Network Visibility
  • Container Security
    • Impact of Containers on On-premises or Cloud Architectures
    • Security Concerns
    • Protecting against Container Escape

SEC530.5 : Zero-Trust Architecture : Addressing the Adversaries Already in our Networks

  • Zero Trust Architecture
    • Why Perimeter Security Is Insufficient
    • What Zero Trust Architecture Means
    • “Trust but Verify” vs. “Verify then Trust”
    • Implementing Variable Access
    • Logging and Inspection
    • Network Agent-based Identity Controls
  • Credential Rotation
    • Certificates
    • Passwords and Impact of Rotation
    • Endpoints
  • Compromised Internal Assets
    • Pivoting Adversaries
    • Insider Threat
  • Securing the Network
    • Authenticating and Encrypting Endpoint Traffic
    • Domain Isolation (Making Endpoint Invisible to Unauthorized Parties)
    • Mutual TLS
    • Single Packet Authorization
  • Tripwire and Red Herring Defenses
    • Honeynets, Honeypots, and Honeytokens
    • Single Access Detection Techniques
    • Proactive Defenses to Change Attacker Tool Behaviors
    • Increasing Prevention Capabilities while Adding Solid Detection
  • Patching
    • Automation via Scripts
  • Deputizing Endpoints as Hardened Security Sensors
    • End-user Privilege Reduction
    • Application Whitelisting
    • Host Hardening
      • EMET
    • Host-based IDS/IPS
      • As Tripwires
    • Endpoint Firewalls
      • Pivot Detection
    • Scaling Endpoint Log Collection/Storage/Analysis
      • How to Enable Logs that Matter
      • Designing for Analysis Rather than Log Collection

 

SEC555: SIEM with Tactical Analytics

SEC555.1 : SIEM Architecture

  • State of the SOC/SIEM
    • Industry statistics
    • Industry problems
  • Log Monitoring
    • Assets
      • Windows/Linux
      • Network devices
      • Security devices
    • Data gathering strategies
    • Pre-planning
  • Logging architecture
    • Log inconsistencies
    • Log collection and normalization
    • Log retention strategies
    • Correlation and gaining context
    • Reporting and analytics
    • Alerting
  • SIEM platforms
    • Commercial solutions
    • Home-grown solutions
  • Planning a SIEM
    • Ingestion control
    • What to collect
    • Mission
  • SIEM Architecture
  • Ingestion techniques and nodes
  • Acceptance and manipulation for value
  • Augmentation of logs for detection
  • Data queuing and resiliency
  • Storage and speed
  • Analytical reporting
    • Visualizations
    • Detection Dashboards

SEC555.2 : Service Profiling with SIEM

  • Detection methods and relevance to log analysis
    • Attacker patterns
    • Attacker behaviors
    • Abnormalities
  • Analyzing common application logs that generate tremendous amounts of data
    • DNS
      • Finding new domains being accessed
      • Pulling in addition information such as domain age
      • Finding randomly named domains
      • Discover domain shadowing techniques
      • Identifying recon
      • Find DNS C2 channels
    • HTTP
      • Use large datasets to find attacks
      • Identify bot traffic hiding in the clear
      • Discover requests that users do not make
        • Find ways to filter out legitimate noise
      • Use attacker randomness against them
      • Identify automated activity vs user activity
      • Filter approved web clients vs unauthorized
      • Find HTTP C2 channels
    • HTTPS
      • Alter information for large scale analysis
      • Analyze certificate fields to identify attack vectors
      • Track certificate validity
      • Apply techniques that overlap with standard HTTP
      • Find HTTPS C2 channels
    • SMTP
      • Identify where unauthorized email is coming from
      • Find compromised mail services
      • Fuzzy matching likely phishing domains
      • Data exfiltration detection
    • Apply threat intelligence to generic network logs
    • Active Dashboards and Visualizations
      • Correlate network datasets
      • Build frequency analysis tables
      • Establish network baseline activity

SEC555.3 : Advanced Endpoint Analytics

  • Endpoint logs
    • Understanding value
    • Methods of collection
      • Agents
      • Agentless
      • Scripting
    • Adding additional logging
      • EMET
      • Sysmon
      • Group Policy
    • Windows filtering and tuning
    • Analyze critical events based on attacker patterns
      • Finding signs of exploitation
      • Find signs of internal reconnaissance
      • Finding persistence
      • Privilege escalation
      • Establishing a foothold
      • Cleaning up tracks
    • Host-based firewall logs
      • Discover internal pivoting
      • Identify unauthorized listening executables
      • See scan activity
    • Credential theft and reuse
      • Multiple failed logons
      • Unauthorized account use
    • Monitor PowerShell
      • Configure PowerShell logging
      • Identify obfuscation
      • Identify modern attacks
    • Containers
      • Logging methods
      • Monitoring

SEC555.4 : Baselining and User Behavior Monitoring

  • Identify authorized and unauthorized assets
    • Active asset discovery
      • Scanners
      • Network Access Control
    • Passive asset discovery
      • DHCP
      • Network listeners such as p0f, bro, and prads
      • NetFlow
      • Switch CAM tables
    • Combining asset inventory into a master list
    • Adding contextual information
      • Vulnerability data
      • Authenticated device vs unauthenticated device
    • Identify authorized and unauthorized software
      • Source collection
        • Asset inventory systems
        • Patching management
        • Whitelisting solutions
        • Process monitoring
      • Discovering unauthorized software
    • Baseline data
      • Network data (from netflow, firewalls, etc)
        • Use outbound flows to discover unauthorized use or assets
        • Compare expected inbound/outbound protocol
        • Find persistence and beaconing
        • Utilize geolocation and reverse dns lookups
        • Establish device-to-device relationships
        • Identify lateral movement
        • Configure outbound communication thresholds
      • Monitor logons based on patterns
        • Time-based
        • Concurrency of logons
          • # logons by user
          • # logons by source device
          • Multiple geo locations
        • Endpoint baseline monitoring
          • Configure enterprise wide baseline collection
          • Large scale persistence monitoring
          • Finding abnormal local user accounts
          • Discover dual-homed devices
        • Cloud baselining (Example in class uses Amazon AWS)

SEC555.5 : Tactical SIEM Detection and Post-Mortem Analysis

  • Centralize NIDS and HIDS alerts
  • Analyze endpoint security logs
    • Provide alternative analysis methods
    • Configure tagging to facilitate better reporting
  • Augment intrusion detection alerts
    • Extract CVE, OSVDB, etc for further context
    • Pull in rule info and other info such as geo
  • Analyze vulnerability information
    • Setup vulnerability reports
    • Correlate CVE, OSVDB, and other unique IDs with IDS alerts
    • Prioritize IDS alerts based on vulnerability context
  • Correlate malware sandbox logs with other systems to identify victims across enterprise
  • Monitor Firewall Activity
    • Identify scanning activity on inbound denies
    • Apply auto response based on alerts
    • Find unexpected outbound traffic
    • Baseline allow/denies to identify unexpected changes
    • Apply techniques to filter out noise in denied traffic
  • SIEM tripwires
    • Configure systems to generate early log alerts after compromise
      • Identify file and folder scan activity
      • Identify user token stealing
      • Operationalize virtual honeypots with central logging
      • Allow phone home tracking
    • Post mortem analysis
      • Re-analyze network traffic
        • Identify malicious domains and IPs
        • Look for beaconing activity
      • Identify unusual time-based activity
      • Use threat intel to reassess previous data fields such as user-agents
      • Utilize hashes in log to constantly re-evaluate for known bad files

 

 

برچسب: آموزش Blue Team آموزش SANS آموزش تیم دفاعی دوره Blue Team دوره SANS دوره تیم دفاعی

دوره های مرتبط

دوره CHFI

دوره آموزش CHFI

SharePoint یکی از محصولات تحت وب شرکت مایکروسافت است که اولین بار در سال ۲۰۰۱ ارائه شد SharePoint که با مجموعه آفیس مایکروسافت یکپارچه است.

دوره برنامه نویسی امن ECSP

دوره آموزش برنامه نویسی امن ECSP

SharePoint یکی از محصولات تحت وب شرکت مایکروسافت است که اولین بار در سال ۲۰۰۱ ارائه شد SharePoint که با مجموعه آفیس مایکروسافت یکپارچه است.

دوره PWK

دوره آموزش PWK

SharePoint یکی از محصولات تحت وب شرکت مایکروسافت است که اولین بار در سال ۲۰۰۱ ارائه شد SharePoint که با مجموعه آفیس مایکروسافت یکپارچه است.

دوره IOS Pentest

دوره آموزش IOS Pentest

SharePoint یکی از محصولات تحت وب شرکت مایکروسافت است که اولین بار در سال ۲۰۰۱ ارائه شد SharePoint که با مجموعه آفیس مایکروسافت یکپارچه است.

chat_bubble_outlineنظرات

قوانین ثبت دیدگاه

  • دیدگاه های فینگلیش تایید نخواهند شد.
  • دیدگاه های نامرتبط به مطلب تایید نخواهد شد.
  • از درج دیدگاه های تکراری پرهیز نمایید.
  • امتیاز دادن به دوره فقط مخصوص دانشجویان دوره می باشد.

لغو پاسخ

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

قیمت :

تماس با ما

امتیاز
0 از 0 رأی
بدون امتیاز 0 رای
تماس با ما
تعداد دانشجو : 0
پیش نیاز: Blue Team Operations Level 1
120
2.41k بازدید 0 دیدگاه
محتوا پنهان
1 Blue Team or Cyber Defense Package (Level2) Syllabus
1.1 SEC511,SEC530,SEC555
1.2 SEC511: Continuous Monitoring and Security Operations
1.2.1 SEC511.1 : Current State Assessment , Security Operations Center ,and Security
1.2.2 SEC511.2 : Network Security Architecture
1.2.3 SEC511.3 : Network Security Monitoring
1.2.4 SEC511.4 : Endpoint Security Architecture
1.2.5 SEC511.5 : Automation and Continuous Security Monitoring
1.3 SEC530: Defensible Security Architecture and Engineering
1.3.1 SEC530.1 : Defensible Security Architecture and Engineering
1.3.2 SEC530.2 : Network Security Architecture and Engineering
1.3.3 SEC530.3 : Network-Centric Security
1.3.4 SEC530.4 : Data-Centric Security
1.3.5 SEC530.5 : Zero-Trust Architecture : Addressing the Adversaries Already in our Networks
1.4 SEC555: SIEM with Tactical Analytics
1.4.1 SEC555.1 : SIEM Architecture
1.4.2 SEC555.2 : Service Profiling with SIEM
1.4.3 SEC555.3 : Advanced Endpoint Analytics
1.4.4 SEC555.4 : Baselining and User Behavior Monitoring
1.4.5 SEC555.5 : Tactical SIEM Detection and Post-Mortem Analysis
دسته: SANS، امنیت
اطلاعات تماس
  • خیابان بهشتی، خیابان پاکستان، خیابان حکیمی پلاک ۱۲
  • 02143585 داخلی 264 و 257 و 269
  • 02143585555
پیوندهای مهم
  • گالری
  • مجوزها
  • فرم پیش ثبت نام
  • مشتریان
  • فرم درخواست مدرک
  • لابراتوار آنلاین
  • در حال تکمیل ظرفیت
  • سند راهبردی آموزش
  • بلاگ
تمامی حقوق برای آکادمی دوران محفوظ می باشد.

کمپ نوروز 1402 با تخفیف ویژه ( کلیک کنید)

ورود

رمز عبور را فراموش کرده اید؟

هنوز عضو نشده اید؟ عضویت در سایت