Incident Response Triage: Initial Triage and Data Collection (IR215)
CISA is proud to offer the Initial Triage and Data Collection Cyber Range Training (IR215). We are excited to share this information with stakeholders across the federal enterprise and nationally.
This 4-hour skills development cyber range training provides best practices for strengthening detection and initial response capabilities for more effective triaging. Through case studies, presentations by expert facilitators, demonstrations, and lab exercises, participants will explore the tools and techniques necessary to identify suspicious and malicious activity in an enterprise environment.
Throughout the course participants will:
- Practice initial response tactics to an Advanced Persistent Threat (APT) including ransomware attacks, while emphasizing the importance of speed and accuracy in collecting the data from logs, systems, and network traffic.
- Utilize automated tools for initial data gathering and the manual collection of evidence.
This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
Please note we have two options to participate.
Option 1:
Join the class as an observer and actively participate in discussions and watch live demonstrations of the cyber range lab activities. This is an ideal solution for the entry-level student seeking to learn more about initial triage and data collection and to view the guided lab demonstrations. This option has more seats available for students.
Option 2:
Join the class and participate in the virtual lab activities. This option has limited seats and is best suited for students who are ready to practice their skills in the cyber range. It does require additional technical lab access and sessions to participate. If the lab option is already full, we encourage you to register for the observe option.
EVENT LOGISTICS
- Date: Offered August 27, 2024, August 28, 2024, and August 29, 2024
- Time: 9 a.m. to 1 p.m. EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 4 CPE credits for attending this course.
- Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
- Note: Audio is through WebEx; there is no external dial-in.
- Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.
Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.