Rapid Incident Response with Cisco Extended Detection & Response (XDR)
🎯 Mission Briefing: Kick off your adventure with a hands-on lab designed to enhance your investigation and incident response expertise.
🌐 Defend against sophisticated APTs with Cisco XDR: Learn how to empower your teams to go from endless investigation to remediating the highest priority incidents with greater speed, efficiency, and confidence. We will explore how to:
· Identify patterns and correlations in threat activity with root cause and attack chain analysis
· Leverage machine learning to prioritize incidents based on risk and impact
· Elevate productivity with automation and guidance
Agenda

Session | Description
Workshop Kickoff & Slide Presentation | Introductions, objectives, threat landscape, and tool orientation.
Navigating Cisco XDR | Brief platform walkthrough for first-time users.
Lab-Phase 1: Initial Access | Investigate how attackers first entered the environment through phishing techniques.
Lab-Phase 2: Discovery | Analyze adversary reconnaissance activity within the compromised network.
Lab-Phase 3: Privilege Escalation | Identify lateral movement techniques and privilege abuse across endpoints.
Lab-Phase 4: Credential Access | Uncover the methods used to dump and reuse credentials for persistence.
Lab-Phase 5: Defense Evasion | Track how attackers disabled tools and obscured their presence.
Lab-Phase 6: Exfiltration | Analyze data movement and identify staging or exfiltration behaviors.
Lab-Phase 7: Containment & Response | Use Cisco XDR and integrated tools to contain the threat and recommend response actions.
Q&A, Survey, Certificates |