
Incident Response

Detection, Investigation and Response to Cyber Incidents. Super Active Hands-On Attack Live Fire. Hands-on training for SOC Analysts (Tier 1–3), DFIR and Incident Response Teams, Threat Hunters, and Malware Analysts.

Duration and Schedule:

Address:

Price:

Trainer


TBD

Who Can Attend

  • SOC Analysts (Tier 1–3)
  • DFIR and Incident Response Practitioners
  • Threat Hunters and Security Engineers
  • Incident Response Team Leaders
  • Decision Makers
  • Malware Analysts
  • IT Professionals
  • Security Operations Managers
  • CISOs

What You Will Learn

Understanding the complete incident response lifecycle and applying it in real-world environments, developing the ability to think from the adversary’s perspective, identifying and mapping relevant threat actors, conducting structured security incident investigations, applying DFIR tools and methodologies, executing containment and recovery decisions in realistic scenarios, and turning incidents into actionable lessons to improve security posture.

Prerequisites

Basic networking knowledge, familiarity with Windows and Linux operating systems, fundamental cybersecurity knowledge and common attack types, basic experience with logs, alerts or security monitoring systems, and general knowledge of SOC or incident response workflows. Intermediate knowledge level — similar to CTI.

Detailed Curriculum

CHAPTER 1: Introduction to Incident Response
Incident response lifecycle phases and the roles of SOC, DFIR, and management in crisis handling. Security incident simulation exercise focused on reasoning, coordination, and escalation.
CHAPTER 2: The Attacker's Perspective
Adversary motivations, emerging attack techniques, and the hacker’s decision-making process across different attack stages. Exercise: profiling a threat actor and mapping TTPs relevant to your industry.
CHAPTER 3: Preparation and Detection
Organizational and technical foundations needed before an incident — roles, policies, logging, and monitoring. Exercise: assessing organizational readiness and identifying gaps in visibility and procedures. Also covers the Detection and Analysis phase: al
CHAPTER 4: Containment, Eradication, and Recovery
Short- and long-term containment strategies, eradicating attacker persistence, and recovery planning balancing security with business continuity. Comparative analysis of two real-world case studies focused on practical lessons from effective and ineffecti
CHAPTER 5: DFIR Tools
Overview of tools used across the incident response lifecycle — SIEM, EDR, DFIR platforms, network analysis tools, and case management systems. Hands-on exercise managing a full incident using DFIR tools for forensic artifact analysis, endpoint data, and
CHAPTER 6: Arena Cyber Range - APT Live
Introduction to arena architecture, network topology, and scenario rules. Exercise simulating an APT attack, investigating a sophisticated long-term threat actor and testing the team’s detection, containment, and response capabilities.

FAQs

Is this course suitable for Tier 1 SOC analysts with no prior DFIR experience?
We recommend prior work experience. The first day is theory-based, and everyone starts from the same level.
What specific tools will I use during the practical exercises on days two and three?
The tools used throughout the training are: SIEM, EDR, DFIR Platforms, MITRE ATT&CK, Diamond Model, Cyber Kill Chain.

Other courses

cyber arena

Workshop Cyber AI
Applied Cybersecurity. How to Fight an APT. Live Ransomware Attack. Hands-on training for Network Administrators, IT Engineers, and SOC Analysts Tier 1.
Cyber Defense for Industrial Systems. Arena Power Outage. Hands-on cybersecurity training for SCADA Dispatchers, OT/SCADA Engineers, Asset Managers, and Utility Operators.
Incident Response (IT) Skills Refresher – Level 3
Methodologies and Investigation. CTI – Cadet Blizzard APT. Hands-on training for CTI Analysts, Threat Hunters, and SOC Analysts.