-First date to test: November 17, 2020
-No Books, No Exams , No Reference, Only Exam Blue Prints For Now, Just How We Like It
-Cisco Cyber Ops Study Group global collaboration effort for the CBRCOR Exam
-Feel free to contribute by providing resources which you feel best match the exam objectives
-NEW PULL REQUEST -> REVIEW PULL REQUEST -> APPROVE -> MERGE INTO MASTER
| 1.2 Determine the tools needed based on a playbook scenario |
|---|
| Microsoft - CISO Series: Lessons learned from the Microsoft SOC-Part 1: Organization |
| Microsoft - Become an Azure Sentinel Ninja: The complete level 400 training |
| 1.3 Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement) |
|---|
| Incidentresponse.com Playbooks |
| 1.4 Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101) |
|---|
| 1.5 Describe the concepts and limitations of cyber risk insurance |
|---|
| 1.6 Analyze elements of a risk analysis (combination asset, vulnerability, and threat) |
|---|
| 1.7 Apply the incident response workflow |
|---|
| 1.8 Describe characteristics and areas of improvement using common incident response metrics |
|---|
| 1.9 Describe types of cloud environments (for example, IaaS platform) |
|---|
| Microsoft - Type of cloud services |
| 1.10 Compare security operations considerations of cloud platforms (for example, IaaS, PaaS) |
|---|
| 2.1 Recommend data analytic techniques to meet specific needs or answer specific questions |
|---|
| 2.2 Describe the use of hardening machine images for deployment |
|---|
| CIS - CIS Hardend Images |
| 2.3 Describe the process of evaluating the security posture of an asset |
|---|
| 2.4 Evaluate the security controls of an environment, diagnose gaps, and recommend improvement |
|---|
| 2.5 Determine resources for industry standards and recommendations for hardening of systems |
|---|
| 2.6 Determine patching recommendations, given a scenario |
|---|
| 2.7 Recommend services to disable, given a scenario |
|---|
| 2.8 Apply segmentation to a network |
|---|
| 2.9 Utilize network controls for network hardening |
|---|
| 2.10 Determine SecDevOps recommendations (implications) |
|---|
| 2.11 Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence |
|---|
| 2.12 Apply threat intelligence using tools |
|---|
| 2.13 Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards |
|---|
| 2.14 Describe the different mechanisms to detect and enforce data loss prevention techniques |
|---|
| 2.14.a host-based |
|---|
| 2.14.b network-based |
|---|
| 2.14.c application-based |
|---|
| 2.14.d cloud-based |
|---|
| 2.15 Recommend tuning or adapting devices and software across rules, filters, and policies |
|---|
| 2.16 Describe the concepts of security data management |
|---|
| 2.17 Describe use and concepts of tools for security data analytics |
|---|
| 2.18 Recommend workflow from the described issue through escalation and the automation needed for resolution |
|---|
| 2.19 Apply dashboard data to communicate with technical, leadership, or executive stakeholders |
|---|
| 2.20 Analyze anomalous user and entity behavior (UEBA) |
|---|
| Splunk - What is user behavior analytics (UBA/UEBA) |
| Splunk App - Splunk User Behavior Analytics (Splunk UBA) |
| 2.21 Determine the next action based on user behavior alerts |
|---|
| 2.22 Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools) |
|---|
| 2.23 Evaluate artifacts and streams in a packet capture file |
|---|
| Malware-Traffic-Analysis.net |
| 2.24 Troubleshoot existing detection rules |
|---|
| 2.25 Determine the tactics, techniques, and procedures (TTPs) from an attack |
|---|
| MITRE ATT&CK |
| UNIT 42 PLAYBOOK VIEWER |
| 3.1 Prioritize components in a threat model |
|---|
| 3.2 Determine the steps to investigate the common types of cases |
|---|
| 3.3 Apply the concepts and sequence of steps in the malware analysis process: |
|---|
| 3.3.a Extract and identify samples for analysis (for example, from packet capture or packet analysis tools) |
|---|
| 3.3.b Perform reverse engineering |
|---|
| 3.3.c Perform dynamic malware analysis using a sandbox environment |
|---|
| 3.3.d Identify the need for additional static malware analysis |
|---|
| 3.3.e Perform static malware analysis |
|---|
| 3.3.f Summarize and share results |
|---|
| 3.4 Interpret the sequence of events during an attack based on analysis of traffic patterns |
|---|
| 3.5 Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices) |
|---|
| 3.6 Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario |
|---|
| 3.7 Determine IOCs in a sandbox environment (includes generating complex indicators) |
|---|
| 3.8 Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario |
|---|
| 3.9 Recommend the general mitigation steps to address vulnerability issues |
|---|
| 3.10 Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques |
|---|
| 4.1 Compare concepts, platforms, and mechanisms of orchestration and automation |
|---|
| 4.2 Interpret basic scripts (for example, Python) |
|---|
| Realpython.com - Run Python Scripts |
| 4.3 Modify a provided script to automate a security operations task |
|---|
| 4.4 Recognize common data formats (for example, JSON, HTML, CSV, XML) |
|---|
| Guru99.com - JSON |
| W3.org - XML VS HTML |
| CSV |
| 4.5 Determine opportunities for automation and orchestration |
|---|
| 4.6 Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload) |
|---|
| 4.7 Explain the common HTTP response codes associated with REST APIs |
|---|
| COMMVAULT |
| 4.8 Evaluate the parts of an HTTP response (response code, headers, body) |
|---|
| Tutorialspoint - HTTP - Quick Guide |
| 4.9 Interpret API authentication mechanisms: basic, custom token, and API keys |
|---|
| 4.10 Utilize Bash commands (file management, directory navigation, and environmental variables) |
|---|
| Linux Professional Institue - Learning |
| 4.11 Describe components of a CI/CD pipeline |
|---|
| Semaphore - CI/CD Pipeline: A Gentle Introduction |
| 4.12 Apply the principles of DevOps practices |
|---|
| Devops Agile Skills Association - DASA DEVOPS PRINCIPLES |
| 4.13 Describe the principles of Infrastructure as Code |
|---|
| O'Reilly - Test-Driven Infrastructure with Chef by Stephen Nelson-Smith |