AI Powered SecOps with SIEM and SOAR
This course explores the intersection of AI and cybersecurity. It starts with a foundational understanding of AI technologies such as machine learning, deep learning and natural language processing, and their applications across industries. It then covers mitigating the risks of AI adoption, including risk management, ethical considerations and identifying vulnerabilities in AI systems. Integrating AI into security operations is covered through the use of AI for intrusion detection, threat intelligence and automated incident response, alongside AI's potential to transform hacking techniques, with attention to AI-powered attacks and tools. The course also emphasizes aligning AI with common security frameworks and regulatory compliance, and explores future trends such as federated learning, AI-powered cyber deception, quantum computing for AI, explainable AI and AI-driven security automation.

Prerequisites
Attendees should have foundational knowledge in networking and cybersecurity.
Course Outline and Learning Objectives

Chapter 1: Modernizing threat management
- The constantly evolving cybersecurity landscape
- Identify technology challenges to stay ahead of emerging threats
- Uncover people and process challenges and explore strategies for improvement
- Transform threat management with autonomic security
- AI-based SecOps tools: Google Chronicle, Microsoft Sentinel, Splunk

Chapter 2: Basics of AI and Security Operations
- SOC core functions
- Challenges of traditional SecOps
- Embrace Autonomic Security Operations
- Continuous detection, continuous response (CDCR)
- Management and ticketing systems for incident tracking
- Track and measure team performance
- Enhancing SecOps with AI and ML

Chapter 3: Collection
- Gather host and network data
- Identify data sources and information needs
- Configure logging and data sources
- Ingest and normalize data
- Implement data quality checks and validation
- Implement data retention policies
- Prioritize your crown-jewel assets
- AI-enhanced collection

Chapter 4: Threat Detection
- Identify patterns of suspicious activity and detect potential security incidents
- Leverage SIEM tools to correlate and analyze security events
- Use threat intelligence feeds to enrich data
- Identify indicators of compromise (IOCs)
- Tactics, techniques and procedures (TTPs)
- AI-enhanced detection

Chapter 5: Triage
- Conduct an initial investigation of security alerts to identify actual threats
- Prioritize security alerts
- Perform an initial investigation on identified alerts
- Disregard false positives and low-priority alerts
- Enrich investigation cases with additional data
- Escalate to senior investigators or the incident response team
- AI-enhanced triage

Chapter 6: Investigation
- Deeper analysis of alerts by Tier 2 analysts
- Verify whether the alert is a true or false positive
- Advanced analysis of available data and IOCs
- Gather additional information by pivoting to other data sources
- Determine the duration of the investigation
- Address false positives for proactive threat management
- Collaborate with other teams, document, and share knowledge
- AI-enhanced investigation

Chapter 7: Incident Response
- Contain, eradicate, and recover from a security incident
- Identify the root cause, implement necessary controls, and remediate
- Minimize impact and restore operations
- Conduct a post-incident review
- Collaborate with adjacent teams and stakeholders
- AI-enhanced incident response

Chapter 8: Shift-left adjacencies
- Proactive detection and response
- Threat intelligence
- Threat hunting
- Red teaming / penetration testing
- Vulnerability management
- Upstream influence
- Tabletop exercises
- Compliance
- Collaboration with developers
- Blameless post-mortems
- Threat modeling
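The collection, threat detection and triage chapters above describe the stages of one SIEM pipeline: ingest and normalize raw events, gate them with data-quality checks, correlate them with a detection rule, enrich hits with a threat-intelligence feed, then discard low-priority alerts and rank the rest for an analyst. The Python below is an added worked example of that pipeline, not course material and not code from Chronicle, Sentinel or Splunk. The sample sshd and firewall lines, the THREAT_INTEL feed, the 2024 collection year, the "two failures then a success within 60 seconds" rule, the severity values and the priority threshold are all constructed for illustration.

```python
import ipaddress
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed raw events (not real telemetry): sshd syslog lines, one JSON firewall line, one corrupt line.
RAW_LOGS = [
    "Mar 10 12:00:01 web01 sshd[2201]: Failed password for root from 203.0.113.45 port 52211 ssh2",
    "Mar 10 12:00:03 web01 sshd[2201]: Failed password for root from 203.0.113.45 port 52213 ssh2",
    "Mar 10 12:00:04 web01 sshd[2201]: Accepted password for root from 203.0.113.45 port 52215 ssh2",
    "Mar 10 12:01:00 web02 sshd[3109]: Failed password for alice from 10.0.0.9 port 41000 ssh2",
    '{"ts": "2024-03-10T12:00:09Z", "host": "fw01", "action": "deny", "src": "198.51.100.7", "dst": "10.0.0.5", "dport": 445}',
    "corrupted line with no recognisable structure",
]
# Constructed (hypothetical) threat-intel feed: indicator -> (label, confidence 0-100).
THREAT_INTEL = {"203.0.113.45": ("ssh brute-force scanner", 85)}
YEAR = 2024  # syslog lines carry no year; the collection year is an assumption of this example
SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) (?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize(line):
    """Map one raw line onto a common schema; return None when it cannot be parsed."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
        return {"ts": ts.replace(tzinfo=timezone.utc), "host": m["host"], "source": "sshd",
                "user": m["user"], "src_ip": m["src"], "outcome": m["outcome"].lower()}
    if line.startswith("{"):
        try:
            d = json.loads(line)
            ts = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            return {"ts": ts, "host": d["host"], "source": "firewall", "user": None,
                    "src_ip": d["src"], "dst_port": int(d["dport"]), "outcome": d["action"]}
        except (ValueError, KeyError):
            return None
    return None

def quality_ok(ev):
    """Data-quality gate: required fields present and src_ip is a syntactically valid address."""
    try:
        ipaddress.ip_address(ev["src_ip"])
    except (KeyError, ValueError):
        return False
    return all(ev.get(k) is not None for k in ("ts", "host", "source", "outcome"))

def collect(lines):
    """Ingest raw lines; return (normalized events in time order, rejected raw lines)."""
    accepted, rejected = [], []
    for line in lines:
        ev = normalize(line)
        if ev and quality_ok(ev):
            accepted.append(ev)
        else:
            rejected.append(line)  # kept for parser tuning rather than silently dropped
    accepted.sort(key=lambda e: e["ts"])
    return accepted, rejected

def detect(events, failures=2, window_s=60):
    """Correlation rules over normalized events; severity is a 0-100 base score."""
    alerts, sshd = [], defaultdict(list)
    for ev in events:
        if ev["source"] == "sshd":
            sshd[ev["src_ip"]].append(ev)
        elif ev["source"] == "firewall" and ev["outcome"] == "deny" and ev.get("dst_port") in {445, 3389}:
            alerts.append({"rule": "blocked probe of sensitive port", "severity": 20,
                           "src_ip": ev["src_ip"], "ts": ev["ts"]})
    for src, evs in sshd.items():
        fails = [e["ts"] for e in evs if e["outcome"] == "failed"]
        for e in evs:
            if e["outcome"] == "accepted":
                recent = [t for t in fails if 0 <= (e["ts"] - t).total_seconds() <= window_s]
                if len(recent) >= failures:  # success preceded by a burst of failures from the same IP
                    alerts.append({"rule": "login succeeded after repeated failures", "severity": 70,
                                   "src_ip": src, "ts": e["ts"], "user": e["user"]})
    return alerts

def enrich(alerts, intel=THREAT_INTEL):
    """Threat-intel enrichment: an IOC match raises priority in proportion to feed confidence."""
    for a in alerts:
        hit = intel.get(a["src_ip"])
        a["ioc"] = hit[0] if hit else None
        a["priority"] = a["severity"] + (hit[1] // 2 if hit else 0)
    return alerts

def triage(alerts, threshold=50):
    """Discard low-priority alerts and order the rest for the analyst queue."""
    return sorted((a for a in alerts if a["priority"] >= threshold), key=lambda a: -a["priority"])

def run_pipeline(lines=RAW_LOGS):
    events, rejected = collect(lines)
    alerts = enrich(detect(events))
    return {"events": len(events), "rejected": len(rejected), "alerts": alerts, "queue": triage(alerts)}

if __name__ == "__main__":
    for a in run_pipeline()["queue"]:
        print(f"[{a['priority']}] {a['rule']} from {a['src_ip']} ioc={a['ioc']}")
```

On the constructed input, five of the six lines survive normalization and the quality gate, two alerts fire, and only the IOC-enriched login from 203.0.113.45 reaches the queue; the blocked port-445 probe is dropped as low priority, which is the "disregard low-priority alerts" step of triage. In the tools the course names, the same stages correspond to a normalization schema (Chronicle's UDM, Sentinel's ASIM, Splunk's CIM), a detection rule written in that product's language (YARA-L, KQL analytics rules, SPL correlation searches) and a threat-intel lookup; the logic is the same, only the scale and the query language differ.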