What you’ll learn:
Day 1: Research with SOC operations
- Understand adversary motivations and tactics through reviewing real case studies from the research and education sector.
- Learn the key business risks that universities need to address.
- Create an attack map, using tools such as the MITRE ATT&CK framework and reports from real incidents, to show how the adversary worked towards their goal.
Days 2 & 3: Threat visibility and detection techniques
Using the attack map created on day 1, work with the AARNet SOC Engineering, Customer Success and SOC Analyst teams to:
- Review the data coming into the SOC to identify where activity may be visible.
- Determine detections that can be put in place considering rule efficacy metrics, such as true positive and false positive rates.
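As an added illustration of the days 2 and 3 workflow (example code, not part of the course material): the first function checks a constructed attack map against the data sources the SOC ingests and reports visibility gaps; the second scores candidate rules by true positive rate and false positive rate and keeps those that clear the thresholds. Data-source names, rule names and counts are constructed, the technique IDs are real ATT&CK IDs, and the 80% true positive / 1% false positive thresholds are assumptions.

```python
# Added example: check an attack map against ingested SOC data sources, then
# score candidate rules by true/false positive rate. Data-source names, rule
# names and counts are constructed; the technique IDs are real ATT&CK IDs.
from dataclasses import dataclass

# Attack map for a constructed incident: technique -> (name, data sources that would show it)
ATTACK_MAP = {
    "T1566": ("Phishing", {"email-gateway"}),
    "T1078": ("Valid Accounts", {"identity-provider", "vpn-gateway"}),
    "T1110": ("Brute Force", {"identity-provider"}),
    "T1486": ("Data Encrypted for Impact", {"endpoint-edr", "file-server"}),
}
INGESTED = {"email-gateway", "identity-provider", "endpoint-edr"}  # constructed SOC inventory

def visibility_gaps(attack_map=ATTACK_MAP, ingested=INGESTED):
    """Return {technique_id: [missing data sources]} for steps the SOC cannot fully see."""
    gaps = {}
    for tid, (_, needed) in attack_map.items():
        missing = needed - ingested
        if missing:
            gaps[tid] = sorted(missing)
    return gaps

@dataclass
class RuleStats:
    """Outcome counts for one detection rule over a labelled evaluation period."""
    name: str
    technique: str
    tp: int  # alerts on real malicious activity
    fp: int  # alerts on benign activity
    fn: int  # malicious activity the rule missed
    tn: int  # benign activity correctly ignored
    def tpr(self):  # true positive rate (recall)
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0
    def fpr(self):  # false positive rate
        return self.fp / (self.fp + self.tn) if self.fp + self.tn else 0.0
    def precision(self):  # share of alerts that were worth an analyst's time
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

def rank_detections(rules, min_tpr=0.8, max_fpr=0.01):
    """Names of rules meeting both efficacy thresholds (assumed values), highest precision first."""
    kept = [r for r in rules if r.tpr() >= min_tpr and r.fpr() <= max_fpr]
    return [r.name for r in sorted(kept, key=lambda r: r.precision(), reverse=True)]

CANDIDATE_RULES = [  # constructed evaluation counts
    RuleStats("password-spray", "T1110", tp=18, fp=2, fn=2, tn=9978),
    RuleStats("login-from-new-country", "T1078", tp=8, fp=40, fn=2, tn=1950),
    RuleStats("mass-file-rename", "T1486", tp=3, fp=0, fn=0, tn=500),
]
```

With these constructed counts the new-country login rule meets the true positive threshold but is dropped for its 2% false positive rate, which is the trade-off the efficacy metrics are meant to surface.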
Day 4: Report back to the SOC
- Create a summary presentation to capture findings and observations.
- Present a threat intelligence briefing with recommendations for preventing, detecting and responding to the attack techniques used in the scenario.