Certified Cyber Threat Intelligence Analyst

In a world where cyber threats are becoming increasingly sophisticated, equipping yourself with the skills to defend against potential attacks is paramount. Our Certified Cyber Threat Intelligence Analyst training is designed to empower individuals and organizations with the knowledge and tools to navigate the complex landscape of cybersecurity threats effectively.

In-Depth Understanding: Gain profound insights into security threats, attack methodologies, vulnerabilities, and the behavior of cyber attackers. Acquire knowledge of the MITRE ATT&CK Framework to identify attacker techniques, tactics, and procedures, enabling you to investigate indicators of compromise and respond promptly.
Threat Intelligence Integration: Learn the essentials of Threat Intelligence and how to seamlessly integrate it with critical technologies such as SIEM, SOAR, EDR, and other SOC technologies. This integration reduces the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR), enhancing your organization's cyber resilience.
Setting Up a Threat Intelligence Framework: Acquire the skills to establish a robust Threat Intelligence Framework and platform for your organization. Learn to consume data from community and commercial feeds, providing a comprehensive understanding of attacks and fortifying defenses against future threats.
Malware Information Sharing: Understand the intricacies of setting up a Malware Information Sharing Platform (MISP). Gain practical insights into configuring and integrating MISP with incident response processes using HIVE, automating them into a cohesive workflow.

Training Duration: 5 Days

SBL-Khas Claimable
Certificate Of Completion Available
Private In-House Class Available
ILT & VILT Class Available

Download Course Outline

CCTIA: Certified Cyber Threat Intelligence Analyst

RM5,500.00

The attendees of this training will learn in-depth about security threats, attacks, vulnerabilities, and attacker behavior. They will also learn about the MITRE ATT&CK Framework and how to identify attacker techniques, tactics, and procedures in order to investigate indicators of compromise and respond to eliminate the attack or incident. The training will also cover the concepts of Threat Intelligence and how to integrate it with various technologies such as SIEM, SOAR, EDR, and other SOC technologies to reduce the time it takes to detect and respond to attacks. Attendees will also learn how to set up a Threat Intelligence Framework and platform for their organization and consume community and commercial feeds to understand attacks and defend their organization from future attacks. Additionally, attendees will learn how to set up a Malware Information Sharing Platform and integrate it with incident response processes using HIVE and automate them as a single workflow.

Threat Intelligence enables Businesses to provide the best possible defense against the most probable threats. This course introduces attendees with the basics concepts of Threat Intelligence and take them thru the entire process of setting up a Threat Intel Platform using MISP to consume all the intelligence from around 80+ global community feeds and also enables the attendees to share intelligence on malwares and attacks back to the community.
Threat Intelligence is an evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard. With Intelligence and Automation equipping cyber criminals to conduct targeted and stealth attacks, it us utmost important for enterprises to be equipped with cyber threat intelligence to achieve a cyber resilient posture.

Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker’s behaviors, cyber kill chain, SOC processes, procedures, technologies, and automation workflows

Understand the MITRE ATT&CK Framework and Able to identify attacker techniques, tactics, and procedures (TTP) to investigate on indicators of compromise (IOCs) and provide automated / manual responses to eliminate the attack/incident

Able to understand the concepts of Threat Intelligence and gain in-depth knowledge on how to integrate Threat Intelligence with the SIEM, SOAR, EDR and other SOC technologies to reduce the Mean time to Detect (MTTD) and Mean time to Respond (MTTR)

Able to Understand and learn how to setup a Threat Intelligence Framework and platform for your organization and consume community and commercial feeds to understand attacks and defend your organization from future attacks

Gain in-depth knowledge on Malware Information Sharing Platform (MISP) and learn to setup a working instance with configurations and integrations that can be used immediately in your organisation

Gain knowledge of Incident Response Methodology, processes and in-depth knowledge on how to integrate Threat Intelligence processes with Incident Response processes using HIVE and learn how to automate them as a single workflow
No prerequisites.
Cybersecurity Analysts

Network and Security Administrators

Entry-level cybersecurity professionals

SOC Analyst
Option 1: GlobalACE Certification
Certified Cyber Threat Intelligence Analyst (CCTIA)

The CCTIA examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that is necessary for an Information Security Professional. Candidates will be tested via a combination of either continual assessment (CA), multiple choice questions (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CCTIA examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.

Free Add-on : Free Membership access to KALAM Cybersecurity Collaboration & Community Skills Validation Platform

Option 2: Cybertronium Certification
Certified Cyber Threat Intelligence Analyst (CCTIA)

Exam Platform : KALAM

Exam Format : Multiple Choice Question (MCQ)

Exam Questions : 50 Questions

Exam Duration is : 90 Minutes

Exam Pass Mark : 70%

Exam Fees : Inclusive in the Course Fees

Free Add-on : Free Membership access to KALAM Cybersecurity Collaboration & Community Skills Validation Platform
Module 1:   Introduction to Threat Intelligence

Understanding Threats, Threat Modeling and Risk

What is Threat Intelligence

Need for Threat Intelligence

Benefits of Threat Intelligence

Types of Threat Intelligence

Threat Intelligence Life Cycle

Sources of Threat Intelligence

Technologies contributing to Threat Intelligence ( SIEM, EDR, Log Sources )

Threat Intelligence & SOC

Incident Response & Threat Intelligence

Applications of Threat Intelligence

Threat Intelligence Frameworks ( CIF, MISP, TAXII)

Role of Threat Intelligence Analyst & Threat Hunters

Module 2:   Technical Deep Dive on Latest Attacks

What is Security, Vulnerabilities & O-Days, Attack life Cycle, Different Attack Vectors

Threats Vs. Risks, Why Perimeter defenses are failing? Why Anti-Virus is not enough?

Introduction to Cyber Kill Chain

Indicators of Compromise (IOC) & IOC Sources (OTX, MISP)

Business Email Compromise (BEC) (Lab) with Indicators of Compromise

Ransomware (Lab) with Indicators of Compromise

Advanced Persistent Threat (Lab) with Indicators of Compromise

File-less Malwares (Lab) with Indicators of Compromise

Mobile Malwares (Lab) with Indicators of Compromise

Web Data Breach (Lab) with Indicators of Compromise

Malvertising (Lab) with Indicators of Compromise

Social Media based attacks (Lab) with Indicators of Compromise

Password based attacks (Password Stuffing, Account Takeover, Phishing, etc) (Lab)

What is MITRE ATT&CK Framework ?

Tactics, Techniques and Procedures (TTP)

Threat Actors

ATT&CK Navigator

The ThreatHunter-Playbook

Atomic Red Team Library

Threat-Based Adversary Emulation with ATT&CK

Behavioral-based analytic detection using ATT&CK

Mapping to ATT&CK from Raw Data – Lab

Storing and analyzing ATT&CK-mapped intel

Module 3:   Setting up Threat Intel Framework

Enterprise Threat Landscape Mapping

Scope & Plan Threat Intel Program

Setup Threat Intel Team

Threat Intelligence Feeds, Sources & Data Collections

Open source Threat Intel Collections (OSINT and more)

Dark Web Threat Intel Collections

SIEM / Log Sources Threat Intel Collections

Public Web data Threat Intel Collections ( Maltego, OSTrICa, and more)

Threat Intel collections with YARA

EDR Threat Intel Collections

Incorporating Threat Intel into Incident Response

Threat Intel & Actionable Contextual Data

Commercial Threat Intel Feed Providers ( RecordedFuture, BlueLiv, etc. )

Commercial Threat Intel Platforms ( Anamoli, DigitalShadows, etc. )

Module 4:   Malware Information Sharing Platform (MISP)

MISP Project Overview

MISP Features & Use cases

Events, Objects and Attributes in MISP

MISP Data model & Core data structure

MISP - Creating and populating events

MISP - Distribution and Topology

MISP Galaxy

MISP Object Templates

MISP Deployment and Integrations

Normalizing OSINT and other community & Private Feeds

SIEM and MISP Integration

Incident Response and threat hunting using MISP

Viper and MISP

MISP Administration

MISP feeds - A simple and secure approach to generate, select and collect intelligence

MISP and Decaying of Indicators

Workflow of a security analyst using Viper as a management console for malware analysis

Module 5:   Cybersecurity Incident Response

Introduction to Incident Response

Incident Response & Handling Methodology

MISP & HIVE Integrations

HIVE Implementation

Malware Analysis Use case using MISP & HIVE

CCTIA: Certified Cyber Threat Intelligence Analyst

OVERVIEW

OBJECTIVES

PREREQUISITES

AUDIENCE

CERTIFICATION

COURSE MODULES

Private in-house class enquiry

Contact