Certified Cyber Threat Intelligence Analyst

About This Course

Threat Intelligence enables businesses to provide the best possible defense against the most probable threats. This course introduces attendees to the basic concepts of Threat Intelligence and takes them through the entire process of setting up a Threat Intel platform using MISP to consume intelligence from around 80+ global community feeds, and also enables attendees to share intelligence on malware and attacks back to the community.

Course Duration:

5 Days

Threat Intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. With intelligence and automation equipping cyber criminals to conduct targeted and stealthy attacks, it is of utmost importance for enterprises to be equipped with cyber threat intelligence to achieve a cyber-resilient posture.

  • Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, SOC processes, procedures, technologies, and automation workflows
  • Understand the MITRE ATT&CK Framework and be able to identify attacker tactics, techniques, and procedures (TTPs), investigate indicators of compromise (IOCs) and provide automated / manual responses to eliminate the attack/incident
  • Understand the concepts of Threat Intelligence and gain in-depth knowledge on how to integrate Threat Intelligence with SIEM, SOAR, EDR and other SOC technologies to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
  • Learn how to set up a Threat Intelligence framework and platform for your organization and consume community and commercial feeds to understand attacks and defend your organization from future attacks
  • Gain in-depth knowledge of the Malware Information Sharing Platform (MISP) and learn to set up a working instance with configurations and integrations that can be used immediately in your organisation
  • Gain knowledge of Incident Response methodology and processes, and in-depth knowledge on how to integrate Threat Intelligence processes with Incident Response processes using HIVE, and learn how to automate them as a single workflow

Module 1: Introduction to Threat Intelligence

  • Understanding Threats, Threat Modeling and Risk
  • What is Threat Intelligence
  • Need for Threat Intelligence
  • Benefits of Threat Intelligence
  • Types of Threat Intelligence
  • Threat Intelligence Life Cycle
  • Sources of Threat Intelligence
  • Technologies contributing to Threat Intelligence (SIEM, EDR, Log Sources)
  • Threat Intelligence & SOC
  • Incident Response & Threat Intelligence
  • Applications of Threat Intelligence
  • Threat Intelligence Frameworks (CIF, MISP, TAXII)
  • Role of Threat Intelligence Analyst & Threat Hunters

Module 2: Technical Deep Dive on Latest Attacks

  • What is Security, Vulnerabilities & 0-Days, Attack Life Cycle, Different Attack Vectors
  • Threats vs. Risks: Why are perimeter defenses failing? Why is anti-virus not enough?
  • Introduction to Cyber Kill Chain
  • Indicators of Compromise (IOC) & IOC Sources (OTX, MISP)
  • Business Email Compromise (BEC) (Lab) with Indicators of Compromise
  • Ransomware (Lab) with Indicators of Compromise
  • Advanced Persistent Threat (Lab) with Indicators of Compromise
  • Fileless Malware (Lab) with Indicators of Compromise
  • Mobile Malware (Lab) with Indicators of Compromise
  • Web Data Breach (Lab) with Indicators of Compromise
  • Malvertising (Lab) with Indicators of Compromise
  • Social Media based attacks (Lab) with Indicators of Compromise
  • Password based attacks (Password Stuffing, Account Takeover, Phishing, etc) (Lab)
  • What is the MITRE ATT&CK Framework?
  • Tactics, Techniques and Procedures (TTP)
  • Threat Actors
  • ATT&CK Navigator
  • The ThreatHunter-Playbook
  • Atomic Red Team Library
  • Threat-Based Adversary Emulation with ATT&CK
  • Behavior-based analytic detection using ATT&CK
  • Mapping to ATT&CK from Raw Data – Lab
  • Storing and analyzing ATT&CK-mapped intel

Module 3: Setting up a Threat Intel Framework

  • Enterprise Threat Landscape Mapping
  • Scope & Plan Threat Intel Program
  • Setup Threat Intel Team
  • Threat Intelligence Feeds, Sources & Data Collections
  • Open source Threat Intel Collections (OSINT and more)
  • Dark Web Threat Intel Collections
  • SIEM / Log Sources Threat Intel Collections
  • Public Web Data Threat Intel Collections (Maltego, OSTrICa, and more)
  • Threat Intel collections with YARA
  • EDR Threat Intel Collections
  • Incorporating Threat Intel into Incident Response
  • Threat Intel & Actionable Contextual Data
  • Commercial Threat Intel Feed Providers (RecordedFuture, BlueLiv, etc.)
  • Commercial Threat Intel Platforms (Anomali, DigitalShadows, etc.)

Module 4: Malware Information Sharing Platform (MISP)

  • MISP Project Overview
  • MISP Features & Use cases
  • Events, Objects and Attributes in MISP
  • MISP Data model & Core data structure
  • MISP - Creating and populating events
  • MISP - Distribution and Topology
  • MISP Galaxy
  • MISP Object Templates
  • MISP Deployment and Integrations
  • Normalizing OSINT and other community & Private Feeds
  • SIEM and MISP Integration
  • Incident Response and threat hunting using MISP
  • Viper and MISP
  • MISP Administration
  • MISP feeds - A simple and secure approach to generate, select and collect intelligence
  • MISP and Decaying of Indicators
  • Workflow of a security analyst using Viper as a management console for malware analysis

Module 5: Cybersecurity Incident Response

  • Introduction to Incident Response
  • Incident Response & Handling Methodology
  • MISP & HIVE Integrations
  • HIVE Implementation
  • Malware Analysis Use case using MISP & HIVE

Certified Cyber Threat Intelligence Analyst (CCTIA)

The CCTIA examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Professional. Candidates will be tested via a combination of continual assessment (CA), multiple-choice questions (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS), as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CCTIA examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.

Free Add-on : Free Membership access to KALAM Cybersecurity Collaboration & Community Skills Validation Platform

Certified Cyber Threat Intelligence Analyst (CCTIA)

Exam Platform : KALAM

Exam Format : Multiple Choice Question (MCQ)

Exam Questions : 50 Questions

Exam Duration : 90 Minutes

Exam Pass Mark : 70%

Exam Fees : Inclusive in the Course Fees

Truly Inspiring & well-conducted

I gained various technical skills that now assist me in my day to day job in cybersecurity field.

Hands-on Labs with latest tools

Very beneficial, as the course taught me security from the hackers' perspective and I learnt how to defend

Trainer was patient and knowledgeable

Taking this course was a stepping stone and I'm very pleased with the learning based on latest attacks and vulnerabilities

Frequently Asked Questions

Who are the target audiences for this course?
Cybersecurity Analysts, Network and Security Administrators, entry-level cybersecurity professionals, SOC Analysts
Where can I get the Course Schedule?
Reach out to us via our Contact Us page with details of your location and the course you are interested in. We will find the nearest training partner to assist you with an F2F / online class.
Is it necessary to take the exam on 5th day?
The exam voucher is valid for 6 months, so you can take the exam within 6 months of your course date. We recommend taking the exam at the earliest opportunity.
With this 5-day course, will I become a professional?
A professional in 5 days is just a marketing gimmick. We get you started with the right knowledge and assist you through the process of achieving professionalism after the class with mentoring and guidance through our Community Ecosystem platform, KALAM.