CSX Specialist: Detect

Course ID: CSXSD 5 Days

This week-long course will help students gain an intermediate-level understanding of the concepts, skills and tools required to discover and differentiate incidents and events on the networks they are responsible for. They will learn threat detection techniques such as traffic monitoring and analysis, false positive minimization, and false negative eradication. In addition, they will learn how to use specialized tools such as Wireshark and tcpdump to detect threats.

The Detect domain teaches students to distinguish network and system incidents and events. Students will learn to identify compromise indicators, assess potential damage, and provide appropriate data to first response teams.



  • CSX Specialist courses are for individuals who are established in the field of cybersecurity and would like to take their skills to the next level by pursuing an in-depth, hands-on understanding of the domains and techniques that are part of their everyday working life.





Instructor-led / Virtual Instructor-led

India: Upon Request




  • Provide students with an environment to discuss and practice methods implemented by cybersecurity professionals in the Identify and Protect domain. Ensure students develop into complementary, workforce-ready team members for enterprises.


Day 1:

IDS/IPS Need Requirements

LAB: IDS Implementation/Configuration

Compromise Identifier Recognition

LAB: Event Recognition Logs

Nonlinear Network Traffic Analysis

LAB: Packet Inspection and Analysis

Threat Analysis Review

LAB: Threat Characteristics and Identifiers

Associated Topics:

  • IDS/IPS Utilization
  • Event Log Analysis
  • Event Correlation System Construction
  • IDS/IPS Updating

Day 2:

Antivirus Log Evaluation

LAB: Antivirus Log Review

Anomalous Activity Log Review

LAB: Attack Log Assessment

Event Source Auditing

LAB: Source Identification

Event Management

LAB: Event Logging System

Associated Topics:

  • Antivirus Merit Identifiers
  • Attack Log Evaluation
  • Event Packet Characterization
  • Security Information and Event Management (SIEM)

Day 3:

Attack Scope and Target Determination

LAB: Damage Determination

Network Packet Analysis

LAB: Attack Comparison

Updating Attack Signature Databases

LAB: IDS/IPS Updating

Associated Topics:

  • Activity Logs
  • Network Logs
  • Triage
  • Investigation
  • Identification Methodologies

Day 4:

Change Detection

LAB: Change Identification

Configuration Comparison

LAB: Hash Comparisons

Attack Consequence Determination

LAB: System Auditing

Post Incident Vulnerability Scans

LAB: Vulnerability Scanning

Associated Topics:

  • Data Preservation
  • Backup Procedures
  • Penetration Testing Methodologies
  • Event Categorization

Day 5:

False Positive Elimination

LAB: Defining False Positives

Root Cause Identification

LAB: Identifying Weaknesses

Detection Mechanism Refinement

LAB: Updating Response

Signature Database Enhancement

LAB: Updating IDS/IPS

Associated Topics:

  • False Positives
  • False Negatives
  • Security Threats
  • Threat Databases
