Defender 304: Security Log Management and Threat Hunting
- Duration: 16 hours
- Delivery Options: Online, In-person, Hybrid
Continue learning key defensive security concepts, including Linux log management, Windows and Linux forensics, and MS SQL technologies. Key concepts and tools include commercials SIEMs and firewalls, common mail server applications, packet capture tools.
Who should take this course
DEF-304 is designed for cyber and information security professionals looking to improve their defensive skills. It is recommended that participants have at least three to five years of cybersecurity experience or completed the DEF-302 and DEF-303.
How can you take this course
Available online live with an instructor
Available in-person either at Purdue or at your location.
Available as a combination of online and in-person
What tools you will use
Participants will use industry tools such as Active Directory, QRadar, Palo Alto Firewalls, Zennos, SysInternals, McAfee EPO, and more.
What you can expect from Defender 304: Security Log Management and Threat Hunting
Building on learning from DEF-303, DEF-304 adds a focus on malware identification/reverse engineering and an understanding of mail servers. Participants are tasked with responding to three cyberattacks with the use of commercial investigation tools. Each participant will practice spotting indicators of compromise, identifying cyberattacks, mitigation, and recovery from an attack. The range instructor will provide a debrief with full details and more techniques on how to respond to network attacks.
- Upskill current workforce
- Get hands-on with industry tools in virtual labs.
- Perfect for I.T. team expanding responsibilities
- Gain an understanding of network traffic.
- Learn industry tools in virtual labs.
- Taught remotely or in-person
While DEF-304 is recommended for teams, it can be taken as an individual. The course is taught through three instructor-led Purdue Cyber Range scenarios over the course of two days.
Purdue Cyber Range is a virtual testing ground that allows individuals and teams to experience both defensive and offensive cyberattack scenarios. Each scenario is overseen by a Range Master, ensuring your team's experience is as educational as possible.
Network Log Analysis: Understand and utilize logs and log events as analysis tools in cyber forensics.
Incident Response: Understand the foundations of identifying, containing, and recovering from a cyber attack within a network.
Adversarial Thinking: Learn how to better identify malware and bad actors by understanding antagonistic thinking.
It is recommended that all of cyberTAP courses be taken on a laptop or PC that runs either Windows or Linux as an operating system. We also recommended to have a fast and reliable internet access.