Conducting Threat Hunting and Defending using Cisco Technologies for Cybersecurity (CBRTHD)

The Conducting Threat Hunting and Defending using Cisco Technologies for Cybersecurity (CBRTHD) training introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors.

This training prepares you for the 300-220 CBRTHD v1.0 exam. If passed, you earn the Cisco Certified Cybersecurity Specialist – Threat Hunting and Defending certification and satisfy the concentration requirement for the Cisco Certified Cybersecurity Professional certification.


What you need to know

This training prepares you for

Continuing Education

Earn 40 CE credits towards recertification

Ways to get this training

Cisco U. Learning Path

Follow a guided Learning Path designed for your certification success. Pre- and post-assessments help you skip what you know and focus on what you need to learn.

Instructor-led training

Join lively classroom-style learning and discussions, online or in person, that are led by Cisco and our Learning Partners.

E-learning

Access a rich library of technology and certification training, study bundles, practice exams, simulators, and more.

How you'll benefit

This training will help you:

  • Learn how to perform a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools
  • Gain leading-edge career skills focused on cybersecurity

Who should enroll

  • Security Operations Center staff
  • Security Operations Center (SOC) Tier 2 analysts
  • Threat hunters
  • Cyber threat analysts
  • Threat managers
  • Risk managements

Technology areas

  • Cybersecurity

Objectives

After taking this course, you should be able to:

  • Define threat hunting and identify core concepts used to conduct threat hunting investigations
  • Examine threat hunting investigation concepts, frameworks, and threat models
  • Define cyber threat hunting process fundamentals
  • Define threat hunting methodologies and procedures
  • Describe network-based threat hunting
  • Identify and review endpoint-based threat hunting
  • Identify and review endpoint memory-based threats and develop endpoint-based threat detection
  • Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
  • Describe the process of threat hunting from a practical perspective
  • Describe the process of threat hunt reporting

Prerequisites

To fully benefit from this course, you should have the following knowledge and skills:

  • General knowledge of networks and network security

These skills can be found in the following Cisco Learning Offerings:


Outline

  • Threat Hunting Theory
  • Threat Hunting Concepts, Frameworks, and Threat Models
  • Threat Hunting Process Fundamentals           
  • Threat Hunting Methodologies and Procedures
  • Network-Based Threat Hunting 
  • Endpoint-Based Threat Hunting
  • Endpoint-Based Threat Detection Development
  • Threat Hunting with Cisco Tools
  • Threat Hunting Investigation Summary: A Practical Approach
  • Reporting the Aftermath of a Threat Hunt Investigation

Lab outline

  • Categorize Threats with MITRE ATTACK Tactics and Techniques
  • Compare Techniques Used by Different APTs with MITRE ATTACK Navigator
  • Model Threats Using MITRE ATTACK and D3FEND
  • Prioritize Threat Hunting Using the MITRE ATTACK Framework and Cyber Kill Chain
  • Determine the Priority Level of Attacks Using MITRE CAPEC
  • Explore the TaHiTI Methodology
  • Perform Threat Analysis Searches Using OSINT
  • Attribute Threats to Adversary Groups and Software with MITRE ATTACK
  • Emulate Adversaries with MITRE Caldera
  • Find Evidence of Compromise Using Native Windows Tools
  • Hunt for Suspicious Activities Using Open-Source Tools and SIEM
  • Capturing of Network Traffic
  • Extraction of IOC from Network Packets
  • Usage of ELK Stack for Hunting Large Volumes of Network Data       
  • Analyzing Windows Event Logs and Mapping Them with MITRE Matrix
  • Endpoint Data Acquisition
  • Inspect Endpoints with PowerShell  
  • Perform Memory Forensics with Velociraptor
  • Detect Malicious Processes on Endpoints
  • Identify Suspicious Files Using Threat Analysis 
  • Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
  • Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
  • Initiate, Conduct, and Conclude a Threat Hunt