
Blue team operations training

Blue Team Operations training covers the roles and responsibilities of the L1, L2 and L3 SOC teams. The SOC team is responsible for the ongoing, operational component of enterprise information security. Security operations center staff consists primarily of security analysts who work together to detect, analyze, respond to, report on, and prevent cybersecurity incidents. Some security operations centers also provide advanced forensic analysis, cryptanalysis, and malware reverse engineering to analyze incidents.

Blue Team Operations training covers a wide range of SIEM methodologies as applied in organisations, log analysis, and vulnerability scanning techniques. Scenario-based industrial use cases are covered with Splunk and IBM QRadar.

The heart of this training is incident response and threat intelligence: responding to and investigating critical attacks, and preparing the mindset needed for them. The incident response portion of BTO training focuses on the tools and techniques used for rapid response. The threat intelligence portion prepares candidates to make faster security decisions against threat actors.

 

BLUE TEAM OPERATIONS

REAL LIFE CASE STUDIES

INSTRUCTOR-LED SESSIONS

INDUSTRY DRIVEN CERTIFICATION

DAILY ASSIGNMENTS

STUDENT LEARNING KIT

 

syllabus

Blue Team Operations | BTO-121
Module 1: Blue Team Operations Architecture
  • SOC models, SOC types, and organizational positioning
  • SOC budgeting and planning of scope
  • SOC roles and hierarchy of teams
  • SOC models and compliance
  • SOC Maturity Model and the SOC-CMM tool
  • SOC services: security monitoring, incident response, security analysis, threat intelligence, threat hunting, vulnerability management, log management
Module 2: Vulnerability assessment, system hardening and endpoint analysis
  • Common tools and techniques for vulnerability assessment
  • Nessus vulnerability scanning and management
  • Security Onion for network EDR
  • pfSense for small network defense
  • System hardening and audits of endpoint and perimeter devices
Module 3: Understanding the logs
  • Data collection strategies: log content, use cases and SIEM rules, threat-based and business-requirement-based logging, log retention
  • Logs and log collection: mechanisms, Syslog, agents, file-based logging, log formats, indexing and log normalization, log parsing, regular expressions, anchors, repetitions

Module 4: SIEM operations with Splunk
  • Splunk configuration, customisation and implementation
  • Selecting the right plan for the organisation
  • SPL language primer
  • Log parsing and filtering
  • Building dashboards
  • Monitoring and alerting on vulnerabilities

Module 5: SIEM operations with QRadar
  • Understanding the need for QRadar vs other SIEMs
  • Customizing the configuration
  • Understanding the architecture
  • Working with log collection
  • Mapping vulnerabilities with QRadar
  • AQL language for blue teams
  • Developing and customizing rules

Module 6: Incident Response Primer

Introduction to Incident Response

  • What is Incident Response?
  • Why is IR Needed?
  • Security Events vs. Security Incidents
  • Incident Response Lifecycle – NIST SP 800 61r2
  • MITRE ATT&CK Framework for IR

Preparation: Planning and Procedures

  • Incident Response Plans, Policies, and Procedures
  • The Need for an IR Team
  • Asset Inventory and Risk Assessment to Identify High-Value Assets
  • DMZ and Honeypots
  • Host-based Defenses
  • Network-based Defenses
  • Email Defenses and techniques
    • Spam Filter
    • Attachment Filter
    • Attachment Sandboxing
    • Email Tagging
  • Physical Defenses
  • Deterrents
  • Access Controls
  • Monitoring Controls
  • Human Defenses
  • Security Awareness Training
  • Security Policies

Detection and Analysis

  • Common Events and Incidents
  • Establishing Baselines and Behavior Profiles
  • Central Logging (SIEM Aggregation)
  • Analysis (SIEM Correlation)

Containment, Eradication, Recovery

  • CSIRT and CERT Explained
  • Containment Measures
  • Network Isolation, Single VLAN, Powering System(s) Down, Honeypot Lure
  • Taking Forensic Images of Affected Hosts
  • Linking Back to Digital Forensics Domain
  • Identifying and Removing Malicious Artefacts
  • Memory and disk analysis to identify artifacts and securely remove them
  • Identifying Root Cause and Recovery Measures

Lessons Learned

  • What Went Well?
  • Highlights from the Incident Response
  • What Could be Improved?
  • Issues from the Incident Response, and How These Can be Addressed
  • Importance of Documentation
  • Creating Runbooks for Future Similar Incidents, Audit Trail
  • Metrics and Reporting
  • Presenting Data in Metric Form
  • Further Reading

Module 7: Digital forensics in incident response
  • Fundamentals of digital forensics, digital evidence, and intrusion reconstruction
  • Interacting with the lower levels of files, hidden data and disk analysis for investigations
  • Diving deeply into the Windows OS and its artifacts
  • The world of network analysis and forensics
  • Tools and techniques required to analyse network traffic and detect network attacks
  • Log timelines and forensics reporting
Module 8: Essential malware analysis for incident responders
  • Role of malware analysis in incident response
  • Types of malware and malware analysis techniques
  • Malware samples and acquisition tools
  • PE file structure analysis
  • From IOCs to YARA rules
  • Windows processes and APIs
  • Analysing process injection
  • Working with DLLs and DLL injection
  • Dynamically analysing backdoors
Module 9: Threat intelligence, hunting strategies and tactics
  • Threat intelligence types, protocols and standards, feeds, platforms
  • ISACs and other communities, Chatham House Rule
  • CTI process, CTI infrastructure management
  • CTI skills: NIST NICE – CTI Analyst
  • Cyber Kill Chain versus MITRE ATT&CK and PRE-ATT&CK frameworks
  • Lockheed Martin Cyber Kill Chain
  • OODA loop, Diamond Model of intrusion analysis
  • MaGMa, MaGMa UCF tool
  • SIGINT, OSINT, HUMINT, GEOINT
  • Threat and APT motivations
  • Tools, techniques, tactics
  • Living-off-the-land techniques

Module 10: Threat intelligence advanced

  • Operational Threat Intelligence
    • What precursors are, how they differ from IOCs, and how to monitor them
    • What TTPs are, why they are important, and using them to maintain (preventative) defenses
  • Tactical Threat Intelligence
    • Threat exposure checks: how to check your environment for the presence of known-bad IOCs
    • What watchlists are and how to monitor for IOCs (SIEM, IDPS, AV, EDR, FW)
    • Public exposure assessments: Google dorks, harvester, social media
    • Open-web information collection
    • How intel companies scrape dark web intel and why it is useful: data breach dumps, malicious actors on underground forums, commodity malware for sale
    • Malware Information Sharing Platform (MISP)
  • Strategic Threat Intelligence
    • What IOCs are, how they are generated and shared, and using IOCs to feed defenses
    • Why intelligence sharing is important; existing partnerships: US-CERT, NCCIC, NCSC, ISACs
    • IOC/TTP gathering and distribution
    • Campaign tracking and situational awareness
    • OSINT vs. paid-for sources
      • Threat intelligence vendors, public threat feeds, National Vulnerability Database, Twitter

Module 11: Security Orchestration, Automation, and Response
  • The need for SOAR in industry
  • Playbooks in SOAR for automated actions
  • Working with Splunk Phantom
  • Automation with Shuffle in blue team operations
Who should attend this training?
  • Freshers
  • Ethical hackers
  • System administrators
  • Network administrators
  • Security engineers
  • Security professionals

Why should I take this training?

Technology is growing every day, but dependence on technology has also increased cyber fraud and attacks. To defend yourself and your business, this training is the most suitable entry point into this domain.

Prerequisites of the training

Candidates should be familiar with the following concepts before joining the sessions:

Cyber security essentials

Strong networking skills

Good understanding of Windows and Linux commands

Virtualization and proxies

This training is not for absolute beginners.

What is the duration of the training?

It is an instructor-led online training and the total duration of the training is 80 hours.

Testimonials

Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me Zero to Hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi

Cyber Security Consultant, Red Hawk
