CSX Practitioner: Detection

CSX Practitioner: Detection

Course ID: CSXPD 5 Days

CSX Practitioner: Detection


The second course in the CSX Practitioner series goes deeper into skills focused in the Detect domain. Students will learn the basic concepts, methods and tools used to leverage cyber security controls in order to identify system events and non-event level incidents. By completing multiple lab-reinforced modules, students will gain the skills necessary to detect potential network events and incidents. Topics range from incident packet analysis to Incident Response (IR) report drafting and generation.



The Detection course is ideal for individuals in the field of cyber security who are interested in gaining hands-on technical skills.





Instructor-led / Virtual Instructor-led

Thailand: Upon Request
India: USD3,500



  • Networking Traffic and Log Comparison
  • Log Qualification
  • Event Comparison


The course provides students with an environment to discuss and practice methods implemented by cyber security professionals in the Detect domain. Students leave the course prepared to serve as complimentary team members for enterprises who are workforce ready


Day 1:

Analyzing Network Traffic Using Monitors

Monitoring Network Traffic

Monitoring Schedule

LAB: Using Snort and Wireshark to Analyze Traffic

Searching for Indicators of Compromise

Monitoring for False Positives

LAB: Monitoring Network Traffic

Associated Topics

  • Traffic Flow Analysis
  • IR Resources

Day 2:

Escalate Potential Compromises

Network Packet Analysis

LAB: Searching for Indicators of Compromise

Malicious Activity and Anti-Virus

Malicious Code and Activity Types

LAB: Monitoring for False Positives

Remediation Steps

Associated Topics

  • Attack Types
  • Attack Methods
  • Network Access Control
  • Virus Types
  • Worm Variants

Day 3:

Assessing Available Event Information

LAB: Performing an Initial Attack Analysis

Performing Initial Analysis

Identifying Potential Collection Sources

LAB: Detect the Introduction and Execution of Malicious Activity

Deploy the Data Collection Utility

Using Event Correlation

LAB: Analyze and Classify Malware

Associated Topics

  • Incident Identification Methodologies
  • IP Reputation Databases
  • Port Scanning
  • Host Analysis
  • Network Traffic Behavior

Day 4:

Using Established Baselines to Detect Anomalies

Documenting Yours Steps

LAB: Event Log Collection

Initial Attack Analysis

Determine the Initial Scope

LAB: Windows Event Log Manipulation

Identify if High-Risk Systems Were Affected

LAB: Host Integrity Baselining

Associated Topics

  • Malware Functionality
  • Spyware
  • Trojans
  • Rootkits
  • Viruses
  • Backdoors

Day 5:

Ongoing Monitoring

LAB: Performing Network Packet Analysis

Build an Event Timeline

LAB: Automated In-Depth Packet Decoding

Documenting Steps Taken

LAB: High Risk Effects

Incident Escalation Reporting

Change Implementation/ Escalation

LAB: Comprehensive Assessment

Implementing Patches and Updates

Ensuring Data Integrity

Post-Incident Review

Associated Topics

  • NIST Roles
  • ISO Designations
  • CERT Designation
  • CSIRT Roles

What’s Next

Subscribe to our mailing list for special offers and promotions.

Thank you! Your subscription has been confirmed. You'll hear from us soon.