The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, the skills listed below are suggested for a successful outcome.
The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.
Only individuals who provide proof of their findings in addition to identifying any attacker activities are awarded the eCIR Certification.
You will need to blend multiple detection and analysis methodologies to effectively respond to the exam's incidents. Traffic analysis, event/log analysis within ELK and Splunk, and event correlation are required. A skillset like this will make you a valuable asset in the corporate sector.
Here are some of the ways the eLearnSecurity Certified Incident Responder certification differs from conventional exams:
Instead of putting you through a series of multiple-choice questions, you are expected to perform actual Incident Response activities on two different corporate networks. Both Incident Response simulations are modeled after real-world scenarios and cutting-edge attacking techniques.
Course content:
Letters of engagement and the basics related to an Incident Response engagement
Advanced networking concepts
Knowledge of Incident Response processes and methodologies
Ability to correlate events and logs
Familiarity with tools such as Wireshark, ELK & Splunk
Cybercrime Techniques, Tactics & Procedures
Detection of all stages of the “Cyber Kill Chain”
Familiarity with ELK and Splunk searches
Ability to effectively analyze thousands of events within a SIEM
Good understanding of Windows (and Sysmon) events
Attacker activity detection through process analysis