eCIR (Certified Incident Responder) – eLearnSecurity
The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, the skills listed below are suggested for a successful outcome.
The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.
Only individuals who provide proof of their findings in addition to identifying any attacker activities are awarded the eCIR Certification.
You will need to blend multiple detection and analysis methodologies to effectively respond to the exam’s incidents. Traffic analysis, event/log analysis within ELK and Splunk, and event correlation are required. A skillset like this will make you a valuable asset in the corporate sector.
Here are some of the ways the eLearnSecurity Certified Incident Responder certification differs from conventional exams:
Instead of putting you through a series of multiple-choice questions, you are expected to perform actual Incident Response activities on two different corporate networks. Both Incident Response simulations are modeled after real-world scenarios and cutting-edge attacking techniques.
Course content:
- Letters of engagement and the basics related to an Incident Response engagement
- Advanced networking concepts
- Knowledge of Incident Response processes and methodologies
- Packet/traffic analysis
- Ability to correlate events and logs
- Familiarity with tools such as Wireshark, ELK & Splunk
- Cyber crime Techniques, Tactics & Procedures
- Detection of all stages of the “Cyber Kill Chain”
- Familiarity with ELK and Splunk searches
- Ability to effectively analyze thousands of events within a SIEM
- Good understanding of Windows (and Sysmon) events
- Attacker activity detection through process analysis
Sales page: https://elearnsecurity.com/product/ecir-certification/