6: Sound the Alarm -Detection and Response
- Description
- Curriculum
- Reviews
- Grade
Sound the Alarm: Detection and Response
In this course, you will learn how to detect, investigate, and respond to cybersecurity incidents. You’ll explore the steps needed to contain, eradicate, and recover from attacks, analyze network communications, and use industry-standard tools to monitor and investigate events.
Throughout this course, you will:
-
Identify the steps to contain, eradicate, and recover from a security incident
-
Analyze packets to interpret network communications and detect anomalies
-
Understand the basic syntax, components of signatures, and logs in IDS and NIDS tools
-
Perform queries in Security Information and Event Management (SIEM) tools to investigate events
-
Complete 7 hands-on labs to practice detection, analysis, and response in realistic scenarios
By the end of this course, you’ll have practical experience using detection and response tools to identify threats, investigate incidents, and take action to protect organizational systems.
-
1
Introduction to the Course -
2
Course Overview -
3
Helpful Resources and Tips
-
4
George - Grow You Cybersecurity Career with Mentors
-
5
Welcome to Module 1
-
6
Introduction to the Incident Response Lifecycle
-
7
Quiz - Matching Apply the NIST Lifecyle to a Vishing ScenarioQuiz - Matching Apply the NIST Lifecyle to a Vishing Scenario -
8
Assignment - Document an Incident with an Incident Handler's Journal -
9
Quiz - Assignment QuestionsQuiz - Assignment Questions
-
10
Assignment - Example
-
11
Quiz - The Incident Response LifecycleQuiz - The Incident Response Lifecycle
-
12
Incident Response Team
-
13
Aisha - The Importance of Communication During Incident Response
-
14
Roles in Response
-
15
Incident Response Plans
-
16
Quiz - Incident Response OperationsQuiz - Incident Response Operations
-
17
Incident Response Tools
-
18
The Value of Documentation
-
19
Intrusion Detection Systems
-
20
Overview of Detection Tools
-
21
Quiz - Detection and Documentation ToolsQuiz - Detection and Documentation Tools
-
22
Alert and Event Management with SIEM and SOAR Tools
-
23
Overview of SIEM Technology
-
24
Quiz - Management ToolsQuiz - Management Tools
-
25
Module 1 - Wrap-Up
-
26
Module 1 Glossary Terms
-
27
Module 1 - Final QuizModule 1 - Final Quiz Description: This quiz is designed to test your understanding of key concepts in incident response and security operations. You’ll be asked about the difference between security events and incidents, the steps of the NIST Incident Response Lifecycle, the roles of specialized teams, and the tools used to detect, analyze, and respond to potential threats. Questions also cover important processes like documentation, SIEM data collection, and the functions of IDS, IPS, and SOAR. By completing this quiz, you’ll reinforce your knowledge of how cybersecurity professionals prepare for, investigate, and manage incidents effectively.
-
28
Welcome to Module 2
-
29
Avery - Apply Soft Skills in Cybersecurity
-
30
The Importance of Network Traffic Flows
-
31
Maintain Awareness with Network Monitoring
-
32
Data Exfiltration Attacks
-
33
Quiz - Understand Network TrafficQuiz - Understand Network Traffic
-
34
Packets and Packet Captures
-
35
Learn More About Packet Captures
-
36
Interpret Network Communications with Packets
-
37
Reexamine the Fields of a Packet Header
-
38
Investigate Packet Details
-
39
LAB - Getting started with Wireshark , Analyze Your First Packet
-
40
Quiz - Capture and View Network TrafficQuiz - Capture and View Network Traffic
-
41
Packet Captures with tcpdump
-
42
Overview of tcpdump
-
43
LAB - How to Install KaLi Linux using VirtualBox VM
-
44
LAB - Capture your First Packet Download KALi Linux
-
45
Quiz - Packet InspectionQuiz - Packet Inspection
-
46
Assignment - Research Network Protocol Analyzers
-
47
Assignment - Example
-
48
Module 2 - Wrap-Up
-
49
Module 2 Glossary Terms
-
50
Module 2 Final QuizModule 2 Final Quiz Description: This quiz assesses your understanding of network traffic monitoring, packet analysis, and the use of network protocol analyzers such as Wireshark and tcpdump. You will demonstrate knowledge of packet structures, IP header fields, and key tcpdump commands and options. The questions cover identifying suspicious network activity, understanding packet capture files, filtering traffic, and interpreting protocol information. By completing this quiz, you’ll reinforce your ability to analyze network communications and apply foundational cybersecurity skills in monitoring and investigating network traffic.
-
51
Welcome to Module 3
-
52
The Detection and Analysis Phase of the Lifecycle
-
53
Cybersecurity Incident Detection Methods
-
54
Ongoing Monitoring of CI/CD
-
55
Alex - Changes in the Cybersecurity Industry
-
56
Indicators of Compromise
-
57
Quiz - Indicators of CompromiseQuiz - Indicators of Compromise
-
58
Analyze Indicators
-
59
Assignment - Investigate a Suspicious File Hash, Using VirusTotal
-
60
Assignment - Example
-
61
Quiz - Incident Detection and VerificationQuiz - Incident Detection and Verification
-
62
The Benefits of Documentation
-
63
Document Evidence with Chain of Custody Forms
-
64
Best Practices for Effective Documentation
-
65
The Value of Cybersecurity Playbooks
-
66
Assignment - Use a Playbook to Respond to a Phishing Incident
-
67
Assignment - Example
-
68
The Role of Triage in Incident Response
-
69
Morgan - Foster Cross-Team Collaboration
-
70
The Triage Process
-
71
The Containment, Eradication, and Recovery Phase of the Lifecycle
-
72
Business Continuity Considerations
-
73
Quiz - Response and RecoveryQuiz - Response and Recovery
-
74
The Post-Incident Activity Phase of the Lifecycle
-
75
Post-Incident Review
-
76
Assignment - Review a Final Report
-
77
Quiz - Assignment QuizQuiz - Assignment Quiz
-
78
Quiz - Matching - Explore an Incident Event TimelineQuiz - Matching - Explore an Incident Event Timeline
-
79
Quiz - Post Incident ActionsQuiz - Post Incident Actions
-
80
Module 3 Wrap-up
-
81
Module 3 Glossary
-
82
Module 3 Final QuizModule 3 Final Quiz Description: This quiz assesses your understanding of key concepts from the NIST Incident Response Lifecycle, including detection, containment, eradication, recovery, and post-incident activities. You will apply your knowledge to scenarios involving alerts, malicious files, and security incidents, demonstrating your ability to evaluate alerts, follow triage procedures, document findings, and analyze lessons learned. The quiz includes multiple-choice and select-all-that-apply questions designed to test both your theoretical knowledge and practical application of incident response best practices, ensuring you can make informed decisions as a security analyst.
-
83
Welcome to Module 4
-
84
The Importance of Logs
-
85
Best Practices for Log Collection and Management
-
86
Quiz - Overview of LogsQuiz - Overview of Logs
-
87
Becca - Learn New Tools and Technologies
-
88
Variations of Logs
-
89
Overview of Log File Formats
-
90
Quiz - Match Log Files to Their File FormatQuiz - Match Log Files to Their File Format
-
91
Quiz - Log Components and FormatQuiz - Log Components and Format
-
92
Security Monitoring with Detection Tools
-
93
Detection Tools and Techniques
-
94
Jackie - Security Mindset in Detection and Response
-
95
Componenets of a Detection Signature
-
96
Examine Signatures with Suricata
-
97
Examine Suricata Logs
-
98
Overview of Suricata
-
99
LAB - Explore Signatures and Logs with Suricata
-
100
LAB - Working with Suricata Commands, Rules, and Alerts
-
101
Quiz - Overview of Intrusion Detection System (IDS)Quiz - Overview of Intrusion Detection System (IDS)
-
102
Reexamine SIEM Tools
-
103
Log Sources and Log Ingestion
-
104
Query for Events with Splunk
-
105
Query for Events with Google SecOps
-
106
Search Methods with SIEM Tools
-
107
Follow Along Guide for Wazuh Setup
-
108
LAB - Follow Along Guide for Wazuh Setup
-
109
LAB - Assignment - Perform a Query with Wazuh
-
110
Quiz from LABQuiz from LAB
-
111
Quiz - Overview of SIEM ToolsQuiz - Overview of SIEM Tools
-
112
Dialogue - Explore Network Security Technologies Through Conversation
-
113
Module 4 - Wrap-Up
-
114
Module 4 Glossary Terms
-
115
Module 4 Final QuizModule 4 Final Quiz Description: This quiz is designed to assess your understanding of key concepts in network security monitoring and analysis. You will be tested on topics such as log types, intrusion detection systems (IDS), SIEM tools, and search techniques used to investigate security incidents. The questions focus on applying your knowledge to identify the purpose and structure of logs, differentiate between host- and network-based security monitoring, interpret IDS rule options, and use effective search methods for analyzing event data. Completing this quiz will help reinforce your ability to monitor, investigate, and respond to potential security threats in a real-world environment.
-
116
Assignment - Finalize you Incident Handlers Journal
-
117
Quiz - Assignment QuizAssignment Quiz
-
118
Assignment - Example
-
119
Reflect and Connect with Peers
-
120
Course Wrap-Up
-
121
Course Glossary
-
122
Get Started on the Next Course
-
Course Title: Sound the Alarm: Detection and Response
-
Course Level: Intermediate
-
Duration: 20-25 hours
-
Delivery Format: Online
-
Prerequisites: Assets, Threats, and Vulnerabilities recommended
-
Estimated Time Commitment: 4–5 hours per week
-
Course Type: Video Lessons
-
Hands-On Labs: 7 practical labs on incident detection, IDS/NIDS analysis, and SIEM investigations
-
Focus: Detecting, analyzing, and responding to security incidents
Technical Requirements:
-
A computer (Windows, macOS, or Linux) with reliable internet access
-
At least 8 GB of RAM and 30 GB of free storage space
-
Ability to install and run virtual machines (e.g., VirtualBox)
-
Basic web browser and text editor (e.g., Chrome, Firefox, VS Code)
Software Requirements:
-
Kali Linux Virtual Machine (provided in course instructions)
-
Python (latest version)
-
OpenSSL
-
Access to cybersecurity tools introduced in labs (free and open-source)
Academic Requirements:
-
Completion of all assigned readings and video lessons
-
Participation in hands-on labs and exercises
-
Submission of lab reports or reflections (as assigned)
-
Passing scores on quizzes and final assessment
Recommended Skills (not required):
-
Basic computer navigation (file management, installing software)
-
Interest in technology, problem-solving, and digital safety
This course is designed for beginners who are interested in learning the fundamentals of cybersecurity. It is ideal for:
-
Students exploring a career in cybersecurity or IT
-
Professionals looking to strengthen their digital security knowledge
-
Individuals interested in understanding how networks, systems, and data are protected
-
Anyone with curiosity about online threats, hacking, and cyber defense
No prior technical experience or programming knowledge is required—just a willingness to learn and explore the world of cybersecurity.
