Appreciate your guide for preparing for the eCIR exam ?

Hello,
I am planning to register for the eCIR exam and want some help for preparing for it I have some experience in Splunk

Find more posts tagged with

eLearnSecurity

Accepted answers

chrisone

The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this will be a wise decision and a waste of your $400.
Ultimately if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them.

The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

Letters of engagement and the basics related to an Incident Response engagement
Advanced networking concepts
Knowledge of Incident Response processes and methodologies
Packet/traffic analysis
Ability to correlate events and logs
Familiarly with tools such as Wireshark, ELK & Splunk
Cyber crime Techniques, Tactics & Procedures
Detection of all stages of the “Cyber Kill Chain”
Familiarity with ELK and Splunk searches
Ability to effectively analyze thousands of events within a SIEM
Good understanding of Windows (and Sysmon) events
Attacker activity detection through process analysis

Good luck on your journey.

All comments

JDMurray

Please post some links to this certification.

chrisone

The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

Letters of engagement and the basics related to an Incident Response engagement
Advanced networking concepts
Knowledge of Incident Response processes and methodologies
Packet/traffic analysis
Ability to correlate events and logs
Familiarly with tools such as Wireshark, ELK & Splunk
Cyber crime Techniques, Tactics & Procedures
Detection of all stages of the “Cyber Kill Chain”
Familiarity with ELK and Splunk searches
Ability to effectively analyze thousands of events within a SIEM
Good understanding of Windows (and Sysmon) events
Attacker activity detection through process analysis

Good luck on your journey.

mohamed194

JDMurray said:

Please post some links to this certification.

https://elearnsecurity.com/product/ecir-certification/

mohamed194

chrisone said:

The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this will be a wise decision and a waste of your $400.
Ultimately if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them.

The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:
Letters of engagement and the basics related to an Incident Response engagement
Advanced networking concepts
Knowledge of Incident Response processes and methodologies
Packet/traffic analysis
Ability to correlate events and logs
Familiarly with tools such as Wireshark, ELK & Splunk
Cyber crime Techniques, Tactics & Procedures
Detection of all stages of the “Cyber Kill Chain”
Familiarity with ELK and Splunk searches
Ability to effectively analyze thousands of events within a SIEM
Good understanding of Windows (and Sysmon) events
Attacker activity detection through process analysis
Good luck on your journey.

Thanks for your response appreciate your help