Appreciate your guide for preparing for the eCIR exam?

mohamed194 Registered Users Posts: 9
Hello,
I am planning to register for the eCIR exam and want some help preparing for it. I have some experience in Splunk.

Best Answer

  • chrisone Member Posts: 2,278
    Answer ✓
    The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this will be a wise decision and a waste of your $400. 
    Ultimately if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them. 

    The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

    • Letters of engagement and the basics related to an Incident Response engagement
    • Advanced networking concepts
    • Knowledge of Incident Response processes and methodologies
    • Packet/traffic analysis
    • Ability to correlate events and logs
    • Familiarity with tools such as Wireshark, ELK & Splunk
    • Cyber crime Techniques, Tactics & Procedures
    • Detection of all stages of the “Cyber Kill Chain”
    • Familiarity with ELK and Splunk searches
    • Ability to effectively analyze thousands of events within a SIEM
    • Good understanding of Windows (and Sysmon) events
    • Attacker activity detection through process analysis
    Good luck on your journey. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX

Answers

  • JDMurray Admin Posts: 13,012
    Please post some links to this certification.
  • mohamed194 Registered Users Posts: 9

    chrisone said:
    The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this will be a wise decision and a waste of your $400. 
    Ultimately if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them. 

    The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

    • Letters of engagement and the basics related to an Incident Response engagement
    • Advanced networking concepts
    • Knowledge of Incident Response processes and methodologies
    • Packet/traffic analysis
    • Ability to correlate events and logs
    • Familiarity with tools such as Wireshark, ELK & Splunk
    • Cyber crime Techniques, Tactics & Procedures
    • Detection of all stages of the “Cyber Kill Chain”
    • Familiarity with ELK and Splunk searches
    • Ability to effectively analyze thousands of events within a SIEM
    • Good understanding of Windows (and Sysmon) events
    • Attacker activity detection through process analysis
    Good luck on your journey. 
    Thanks for your response, appreciate your help.
