Automated Incident Response Playbooks with Windows Event Logs, MS Defender, and CrowdStrike for Beginner SOC Analysts

Master the fundamentals of automated incident response by leveraging Windows Event Logs, Microsoft Defender, and CrowdStrike to build effective playbooks for a proactive security posture.

Introduction to Automated Incident Response in the SOC

Unit 1: Understanding Incident Response

Unit 2: Key Components of Automated Incident Response

Unit 3: Automated Incident Response Workflow

Windows Event Log Fundamentals for Security

Unit 1: Understanding Windows Event Logs

Unit 2: Security-Relevant Event Logs

Unit 3: Configuring Event Log Settings

Centralized Event Log Collection and Forwarding

Unit 1: Fundamentals of Centralized Event Log Collection

Unit 2: Configuring and Securing Windows Event Forwarding

Unit 3: Advanced Topics and Troubleshooting

Microsoft Defender for Endpoint Integration

Unit 1: Introduction to Microsoft Defender for Endpoint

Unit 2: Configuring Defender for Optimal Threat Detection

Unit 3: Microsoft Defender API Deep Dive

Automated Actions with Microsoft Defender

Unit 1: Isolating Infected Machines

Unit 2: Automated Scans

Unit 3: Customizing and Managing Actions

CrowdStrike Falcon Real Time Response (RTR) Integration

Unit 1: Introduction to CrowdStrike Falcon and RTR

Unit 2: Configuring and Using CrowdStrike Falcon RTR

Unit 3: Security Considerations and Integration

Forensic Data Gathering with CrowdStrike RTR

Unit 1: Introduction to Forensic Data Gathering with CrowdStrike RTR

Unit 2: Automating Forensic Artifact Collection

Unit 3: Analyzing and Managing Forensic Data

Building a Basic Incident Response Playbook

Unit 1: Playbook Foundations

Unit 2: Data Integration and Automation

Unit 3: Playbook Implementation and Testing

Unit 4: Documentation and Maintenance