Sound the Alarm: Detection and Response

本课程是 Google Cybersecurity 专业证书的一部分

位教师：Google Career Certificates

307,133 人已注册

包含在中

了解更多

4个模块

深入了解一个主题并学习基础知识。

3,337 条评论

初级等级

无需具备相关经验

灵活的计划

2 周在 10 小时一周

自行安排学习进度

98%

大多数学生喜欢此课程

4个模块

深入了解一个主题并学习基础知识。

3,337 条评论

初级等级

无需具备相关经验

灵活的计划

2 周在 10 小时一周

自行安排学习进度

98%

大多数学生喜欢此课程

您将学到什么

Identify the steps to contain, eradicate, and recover from an incident
Analyze packets to interpret network communications
Understand basic syntax, components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools
Perform queries in Security Information and Event Management (SIEM) tools to investigate an event

您将获得的技能

您将学习的工具

要了解的详细信息

可分享的证书

添加到您的领英档案

作业

25 项作业

授课语言：英语（English）

了解顶级公司的员工如何掌握热门技能

了解关于 Coursera for Business 的更多信息

Petrobras, TATA, Danone, Capgemini, P&G 和 L'Oreal 的徽标

积累 Computer Security and Networks 领域的专业知识

本课程是 Google Cybersecurity 专业证书专项课程的一部分

在注册此课程时，您还会同时注册此专业证书。

向行业专家学习新概念
获得对主题或工具的基础理解
通过实践项目培养工作相关技能
通过 Google 获得可共享的职业证书

该课程共有4个模块

This is the sixth course in the Google Cybersecurity Certificate. Learners will focus on incident detection and response. They will learn what defines a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. Learners will analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, learners will explore the incident investigation and response processes and procedures. Additionally, they will develop a conceptual overview of log data and their role in intrusion detection systems (IDS) and Security Information Event Management (SIEM) tools. Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.

By the end of this course, you will: - Explain the lifecycle of an incident. - Describe the tools used in documentation, detection, and management of incidents. - Analyze packets to interpret network communications. - Perform artifact investigations to analyze and verify security incidents. - Identify the steps to contain, eradicate, and recover from an incident. - Determine how to read and analyze logs during incident investigation. - Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools. - Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.

This module provides an overview of detection and incident response. Learners will explore how security professionals verify and respond to malicious threats. Learners will also become familiar with the steps involved in incident response. This overview will be the foundation for the next module.

涵盖的内容

12个视频7篇阅读材料6个作业1个插件

12个视频总计30分钟

Introduction to Course 6 2分钟
Dave: Grow your cybersecurity career with mentors 3分钟
Welcome to module 1 2分钟
Introduction to the incident response lifecycle 4分钟
Incident response teams 3分钟
Fatima: The importance of communication during incident response 3分钟
Incident response plans 2分钟
Incident response tools 2分钟
The value of documentation 3分钟
Intrusion detection systems 2分钟
Alert and event management with SIEM and SOAR tools 4分钟
Wrap-up 1分钟

7篇阅读材料总计44分钟

Course 6 overview 4分钟
Helpful resources and tips 4分钟
Portfolio Activity Exemplar: Document an incident with an incident handler's journal 4分钟
Roles in response 8分钟
Overview of detection tools 8分钟
Overview of SIEM technology 12分钟
Glossary terms from module 1 4分钟

6个作业总计114分钟

Portfolio Activity: Document an incident with an incident handler's journal 20分钟
Module 1 challenge 50分钟
Test your knowledge: The incident response lifecycle 8分钟
Test your knowledge: Incident response operations 8分钟
Test your knowledge: Detection and documentation tools 8分钟
Test your knowledge: Management tools 20分钟

1个插件总计10分钟

Explore: Apply the NIST lifecycle to a vishing scenario 10分钟

In this module, learners will be provided with an overview of network analysis tools more commonly referred to as “packet sniffers”. In particular, learners will sniff the network and analyze packets for malicious threats. Learners will also craft common filtering commands in both tcpdump and Wireshark to analyze the contents of packet capture.

涵盖的内容

9个视频10篇阅读材料5个作业4个应用程序项目

9个视频总计23分钟

Welcome to module 2 1分钟
Casey: Apply soft skills in cybersecurity 2分钟
The importance of network traffic flows 3分钟
Data exfiltration attacks 4分钟
Packets and packet captures 3分钟
Interpret network communications with packets 2分钟
Reexamine the fields of a packet header 4分钟
Packet captures with tcpdump 4分钟
Wrap-up 1分钟

10篇阅读材料总计64分钟

Maintain awareness with network monitoring 8分钟
Learn more about packet captures 8分钟
Investigate packet details 8分钟
Resources for completing labs 4分钟
Lab tips and troubleshooting steps 4分钟
Exemplar: Analyze your first packet 8分钟
Overview of tcpdump 8分钟
Exemplar: Capture your first packet 8分钟
Activity Exemplar: Research network protocol analyzers 4分钟
Glossary terms from module 2 4分钟

5个作业总计104分钟

Module 2 challenge 50分钟
Test your knowledge: Understand network traffic 8分钟
Test your knowledge: Capture and view network traffic 8分钟
Test your knowledge: Packet inspection 8分钟
Activity: Research network protocol analyzers 30分钟

4个应用程序项目总计80分钟

Activity: Analyze your first packet 30分钟
Optional Exemplar: Analyze your first packet 10分钟
Activity: Capture your first packet 30分钟
Optional Exemplar: Capture your first packet 10分钟

In this module, Learners will explore the various processes and procedures in the stages of incident detection, investigation, analysis, and response as framed by NIST. They will utilize VirusTotal as an investigative tool to analyze the details of suspicious file hashes. Learners will recognize the importance of documentation and evidence collection during the detection and response stages. Finally, learners will approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.

涵盖的内容

11个视频11篇阅读材料7个作业2个插件

11个视频总计27分钟

Welcome to module 3 1分钟
The detection and analysis phase of the lifecycle 2分钟
MK: Changes in the cybersecurity industry 3分钟
The benefits of documentation 2分钟
Document evidence with chain of custody forms 4分钟
The value of cybersecurity playbooks 3分钟
The role of triage in incident response 3分钟
Robin: Foster cross-team collaboration 3分钟
The containment, eradication, and recovery phase of the lifecycle 2分钟
The post-incident activity phase of the lifecycle 2分钟
Wrap-up 1分钟

11篇阅读材料总计78分钟

Cybersecurity incident detection methods 8分钟
Ongoing Monitoring of CI/CD 10分钟
Indicators of compromise 8分钟
Analyze indicators of compromise with investigative tools 8分钟
Activity Exemplar: Investigate a suspicious file hash 4分钟
Best practices for effective documentation 8分钟
Activity Exemplar: Use a playbook to respond to a phishing incident 4分钟
The triage process 8分钟
Business continuity considerations 8分钟
Post-incident review 8分钟
Glossary terms from module 3 4分钟

7个作业总计144分钟

Module 3 challenge 50分钟
Activity: Investigate a suspicious file hash 20分钟
Test your knowledge: Incident detection and verification 8分钟
Activity: Use a playbook to respond to a phishing incident 30分钟
Test your knowledge: Response and recovery 8分钟
Activity: Review a final report 20分钟
Test your knowledge: Post-incident actions 8分钟

2个插件总计20分钟

Identify: Indicators of compromise 10分钟
Identify: Explore an incident event timeline 10分钟

In this module, learners will be provided with a conceptual overview of logs and their role in intrusion detection systems (IDSs) and Security Information and Event Management tools (SIEMs). The module will discuss the general concept of an IDS and how it works to detect attacks before highlighting specific IDS and SIEM products, such as Suricata, Splunk, Google SecOps (Chronicle), and Wazuh, respectively. Learners will then develop an understanding of how to access and navigate within Suricata and how basic rules are set up to provide alerts, events, and logs for malicious network traffic. This module will conclude with an introduction to Splunk, Google SecOps (Chronicle), and Wazuh, and will showcase some of their features, including common commands for search queries.

涵盖的内容

14个视频13篇阅读材料7个作业2个应用程序项目1个插件

14个视频总计41分钟

Welcome to module 4 1分钟
The importance of logs 4分钟
Rebecca: Learn new tools and technologies 2分钟
Variations of logs 4分钟
Security monitoring with detection tools 4分钟
Grace: Security mindset in detection and response 3分钟
Components of a detection signature 4分钟
Examine signatures with Suricata 4分钟
Examine Suricata logs 2分钟
Reexamine SIEM tools 2分钟
Query for events with Splunk 4分钟
Query for events with Google SecOps 4分钟
Wrap-up 1分钟
Course wrap-up 2分钟

13篇阅读材料总计82分钟

Best practices for log collection and management 8分钟
Overview of log file formats 8分钟
Detection tools and techniques 8分钟
Overview of Suricata 8分钟
Exemplar: Explore signatures with Suricata 8分钟
Log sources and log ingestion 8分钟
Search methods with SIEM tools 8分钟
Follow-along guide for Wazuh setup 10分钟
Glossary: Network traffic and logs using IDs and SIEM Tools 4分钟
Portfolio Activity Exemplar: Finalize your incident handler's journal 4分钟
Reflect and connect with peers 2分钟
Course 6 glossary 2分钟
Get started on the next course 4分钟

7个作业总计164分钟

Module 4 challenge 50分钟
Portfolio Activity: Finalize your incident handler's journal 30分钟
Test your knowledge: Overview of logs 8分钟
Test your knowledge: Log components and formats 8分钟
Test your knowledge: Overview of intrusion detection systems (IDS) 8分钟
Activity: Perform a query with Wazuh 30分钟
Test your knowledge: Overview of SIEM tools 30分钟

2个应用程序项目总计40分钟

Activity: Explore signatures and logs with Suricata 30分钟
Optional Exemplar: Explore signatures and logs with Suricata 10分钟

1个插件总计10分钟

Identify: Match log files to their file format 10分钟

获得职业证书

将此证书添加到您的 LinkedIn 个人资料、简历或履历中。在社交媒体和绩效考核中分享。

位教师

授课教师评分

(743个评价)

Google Career Certificates

Google

386 门课程 15,900,212 名学生

提供方

Google

从 Computer Security and Networks 浏览更多内容

Google
Introduction to Detection and Incident Response
课程
Edureka
Incident Response and Threat Mitigation
课程
Pearson
Cybersecurity Prevention and Detection: Unit 3
课程
Edureka
Incident Response and Cyber Forensics
课程

人们为什么选择 Coursera 来帮助自己实现职业发展

Felipe M.

自 2018开始学习的学生

''能够按照自己的速度和节奏学习课程是一次很棒的经历。只要符合自己的时间表和心情，我就可以学习。'

Jennifer J.

自 2020开始学习的学生

''我直接将从课程中学到的概念和技能应用到一个令人兴奋的新工作项目中。'

Larry W.

自 2021开始学习的学生

''如果我的大学不提供我需要的主题课程，Coursera 便是最好的去处之一。'

Chaitanya A.

''学习不仅仅是在工作中做的更好：它远不止于此。Coursera 让我无限制地学习。'

学生评论

5 stars
84.09%
4 stars
11.53%
3 stars
2.87%
2 stars
0.71%
1 star
0.77%

显示 3/3337 个

已于 Sep 15, 2023审阅

Very Informative and now i am certain i want to do this type of work. I want to protect everyone's data and privacy. Hopefully automated so we dont have to manually go through confidential data.

已于 Sep 25, 2023审阅

just a few improvements that should be made, some parts confused me of not knowing what is being asked of me. Other than that, it's an excellent course.

已于 May 8, 2025审阅

The professor’s teaching is excellent, making complex topics easy to understand. The study material provided is also awesome and very helpful for learning. Highly recommended!

查看更多评论

通过 Coursera Plus 开启新生涯

无限制访问 10,000+ 世界一流的课程、实践项目和就业就绪证书课程 - 所有这些都包含在您的订阅中

了解更多

通过在线学位推动您的职业生涯

获取世界一流大学的学位 - 100% 在线

探索学位

加入超过 3400 家选择 Coursera for Business 的全球公司

提升员工的技能，使其在数字经济中脱颖而出

了解更多

常见问题

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.