Threat Hunting with Falcon Training Course and Workshop in Bangalore, Mysore, Chennai, Hyderabad, Pune, Mumbai, Delhi, Noida, Gurgaon, Kolkata

In Threat Hunting with Falcon training course, you will learn to threat hunt for indications of adversarial compromise. You will also detect when and how the compromise occurred, identify affected systems and generate key sources of threat intelligence.

By attending Threat Hunting with Falcon workshop, delegates will learn to:

Apply industry-standard threat hunting concepts and doctrinal intelligence methodologies to their investigations
Apply threat intelligence analysis within a threat hunt in order to discover indications of an adversarial compromise
Develop initial threat hunting findings, create lead resolutions through the operationalization of threat intelligence and report findings

Knowledge of Falcon Platform
Have intermediate knowledge of cybersecurity incident investigation and the incident lifecycle

The Threat Hunting with Falcon class is ideal for:

Current incident responders, threat hunters and intel analysts with intermediate knowledge of threat hunting principles.

Definitions And Concepts

Summarize threat hunting and threat intelligence
Differentiate between IOAs and IOCs
Conduct a threat hunt maturity assessment

Threat Hunting Triggers

Discover typical endpoint events that trigger an enterprise threat hunt
Act on discovered IOAs, IOCs or anomalies

Threat Hunting Methodologies

Learn CrowdStrike threat hunting methodologies
Research publicly available information using best practices of OSINT
Query internal data stores for artifacts found in your environment
Investigate and research IOAs and IOCs to discover adversarial presence

Threat Intelligence

Review threat intelligence case study
Describe the different sources of threat intelligence
Review CrowdStrike intelligence products
Discuss how threat intelligence impacts threat hunting

Intel Models And Frameworks

Apply models and frameworks to understand adversary intent and capabilities
Complete TTP identification using the MITRE ATT&CK framework
Apply the Diamond Model to a sample scenario

Framework Deep Dive

Analyze adversary actions through the MITRE lens
Use frameworks to develop the focus of the threat hunt
Understand how ATT&CK is incorporated into Falcon
Inspect the ATT&CK framework components in Falcon detection and Incident pages
Apply morphological analysis with the ATT&CK framework to kill the attack
Use the ATT&CK Navigator to intimately understand the attacker's next moves

Crowdstrike Search Methodology

Summarize SEARCH threat hunt methodology
Analyze the environment for adversary activity using SEARCH methodology

Capstone

Complete a threat hunt using scenario-based learning
Refine your understanding of the attack using doctrinal intelligence analysis
Complete a threat hunt report based on findings from the capstone exercise

Automating The Threat Hunt

Understand the use of SQRRL for efficient hunting
Develop API scripts to automate common hunting tasks
Create custom IOAs and allow Falcon to continually hunt for you

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

Threat Hunting with Falcon

COURSE AGENDA