This week-long course will help students gain an intermediate-level understanding of the concepts, skills and tools required to discover and differentiate incidents and events on the networks they are responsible for. They will learn threat detection techniques, such as traffic monitoring and analysis, false positive minimization, and false negative eradication. In addition, they will learn how to use specialized tools, such as Wireshark and tcpdump, to detect threats.
The Detect domain teaches students to distinguish between incidents and events on networks and systems. Students will learn to identify indicators of compromise, assess potential damage, and provide appropriate data to first response teams.