全部課程
電腦科學

SOC Operations, Security Monitoring, and Incident Response

甄選並驗證:Aarav Deshmukh, Cybersecurity Engineer, Honeywell
學習時長:約 11 小時
授課語言English · 简体中文 · Español
US$22.00永久存取
結業證書可驗證 · 可分享
預覽

It is 2 a.m. and the queue has forty unread alerts. One of them is a real intrusion. The other thirty-nine are noise. Which one do you open first, and how do you know? That question — not a memorized list of attacks — is what this course trains you to answer. You learn one repeatable loop and run it on everything that lands in front of you: read the alert and decide if it is a true positive, a false positive, or a benign true positive; enrich it until the picture is clear; investigate across the telemetry that actually holds the answer — endpoint and EDR, Windows logs and Sysmon, network and DNS, identity and cloud; build a timeline, scope the blast radius, and then respond in the right order, because containing the wrong host first can destroy your evidence and tip off the attacker. We work the alerts you will really see: a phishing email that turns into an account takeover, encoded PowerShell spawning from Word on a finance laptop, lateral movement to a file server, beaconing buried in DNS traffic. For each you practice the pivots, the verdict, and the first response move — then how to write it up so anyone can follow it, and how to escalate with enough context that the next tier doesn't start over. The frameworks working analysts actually use are here too — the Cyber Kill Chain, MITRE ATT&CK, the Diamond Model, the Pyramid of Pain, and the SANS incident-response lifecycle — taught as lenses, not trivia. And the course is honest about what most training skips: alert fatigue is real, blameless review is how teams improve, and a missed alert is a gap to close, not a person to blame. If you are aiming for a Tier 1 SOC seat, or moving up from help-desk or IT, this is the shift, rehearsed before you walk in.

課程目錄

關於課程作者

Aarav Deshmukh
Aarav Deshmukh
Cybersecurity Engineer, Honeywell

Aarav Deshmukh is the person organizations call when the dashboard turns red—and, increasingly, before it ever does. Across financial services, healthcare, and cloud software, he has progressed from investigating alerts in security operations centers to designing defenses for entire technology environments. Her experience spans threat hunting, penetration testing, digital forensics, malware analysis, identity and access management, cloud architecture, and secure software development, complemented by responsibility for audits, incident exercises, and executive breach briefings. Aarav has rebuilt detection programs, embedded security reviews into engineering pipelines, and converted complex regulatory requirements into controls that technical teams can realistically maintain. He judges a security program not by the number of tools it owns, but by how quickly it can recognize an attack, contain the damage, and continue operating.

評價 (1)

5 / 5
  • glowing_beetle

    很实用,推荐!