Appreciate your guide for preparing for the eCIR exam?

mohamed194 Junior Member Registered Users Posts: 9
Hello,
I am planning to register for the eCIR exam and want some help preparing for it. I have some experience in Splunk.

Best Answer

  • chrisone Senior Member Posts: 2,230
    Accepted Answer
    The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this would be a wise decision, and it would be a waste of your $400.
    Ultimately, if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them.

    The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

    • Letters of engagement and the basics related to an Incident Response engagement
    • Advanced networking concepts
    • Knowledge of Incident Response processes and methodologies
    • Packet/traffic analysis
    • Ability to correlate events and logs
    • Familiarity with tools such as Wireshark, ELK & Splunk
    • Cyber crime Techniques, Tactics & Procedures
    • Detection of all stages of the “Cyber Kill Chain”
    • Familiarity with ELK and Splunk searches
    • Ability to effectively analyze thousands of events within a SIEM
    • Good understanding of Windows (and Sysmon) events
    • Attacker activity detection through process analysis
    Good luck on your journey. 
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (complete), DF210 (in progress), DF310
    Certs: AZ-500, SC-200 (passed), SC-300 (next), EnCE, Splunk Core Power User (passed), Splunk Enterprise Sys Admin

Answers

  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,404
    Please post some links to this certification.
  • mohamed194 Junior Member Registered Users Posts: 9

    chrisone said:
    The eLearnSecurity Incident Response Professional certification will require that you take the necessary INE IHRP course. If you just want to take the exam, I don't think this would be a wise decision, and it would be a waste of your $400.
    Ultimately, if you choose to take the exam without the course, I advise you to look at the syllabus, note all the topics and do your own googling for tutorials on each topic until you have mastered them.

    The eCIR is a highly technical certification that requires advanced knowledge of networks, systems and cyber attacks. Anyone can attempt the certification exam; however, below are suggested skills to possess for a successful outcome:

    • Letters of engagement and the basics related to an Incident Response engagement
    • Advanced networking concepts
    • Knowledge of Incident Response processes and methodologies
    • Packet/traffic analysis
    • Ability to correlate events and logs
    • Familiarity with tools such as Wireshark, ELK & Splunk
    • Cyber crime Techniques, Tactics & Procedures
    • Detection of all stages of the “Cyber Kill Chain”
    • Familiarity with ELK and Splunk searches
    • Ability to effectively analyze thousands of events within a SIEM
    • Good understanding of Windows (and Sysmon) events
    • Attacker activity detection through process analysis
    Good luck on your journey. 
    Thanks for your response, appreciate your help.