eLearnSecurity - IHRPv1 - Incident Handling and Reponse

just went through the first 2 labs IHRP v1 - looks pretty good and neat!

Nice to hear it @Skyyyyy2001. What I'm thinking of is that we have to see 4 new modules till Jan 11. Will eLS release it?

chrisone

on January 3rd they released 2 labs that correspond to the study modules that were originally released. So that was the update for that week. I suppose late January is the next update and will include 2 new modules for study modules.

I guess the following formula makes sense:
release updates (modules) for study
release updates (labs) for the released study modules

My personal thoughts are if you have already signed up for THP or GCIH certified then don't go for IHRP. Otherwise, just signed up and go for it.

chrisone

Skyyyyy2001 said:

My personal thoughts are if you have already signed up for THP or GCIH certified then don't go for IHRP. Otherwise, just signed up and go for it.

How did you like the THP course? Also how long did you study for the GCIH exam and did you take the SEC504 course?

chrisone said:

Skyyyyy2001 said:

My personal thoughts are if you have already signed up for THP or GCIH certified then don't go for IHRP. Otherwise, just signed up and go for it.

How did you like the THP course? Also how long did you study for the GCIH exam and did you take the SEC504 course?

I didn't take both THP and GCIH. This info is what I have gathered from other forums.

chrisone

Skyyyyy2001 said:

chrisone said:

Skyyyyy2001 said:

My personal thoughts are if you have already signed up for THP or GCIH certified then don't go for IHRP. Otherwise, just signed up and go for it.

How did you like the THP course? Also how long did you study for the GCIH exam and did you take the SEC504 course?

I didn't take both THP and GCIH. This info is what I have gathered from other forums.

oh ok I understand it was your personal thoughts, not personal experience.

r3nzsec

How are you IHRP folks? Have you tried some lab? I saw up to Lab 4 were uploaded in our account. Let me hear your thoughts.

r3nzsec said:

How are you IHRP folks? Have you tried some lab? I saw up to Lab 4 were uploaded in our account. Let me hear your thoughts.

Suricata topic... seems nice. Gotta check it. Looking forward for more reading materials.

r3nzsec

SleepyLCTL said:

r3nzsec said:

How are you IHRP folks? Have you tried some lab? I saw up to Lab 4 were uploaded in our account. Let me hear your thoughts.

Suricata topic... seems nice. Gotta check it. Looking forward for more reading materials.

Thanks @SleepyLCTL

I found this Suricata in some JDs like in Google, Facebook? Can't remember but one of them needs to have atleast the knowledge of it. So I think this will be a great advantage for us as well for someone new to this. I am also waiting for the additional reading as well in video resources.

guess Suricata is good in its way and if we figure out how to use it that would be a great skillset to have.

This course from AND looks pretty nice for those who interested in Suricata:
https://www.networkdefense.io/library/intrusion-detection-with-suricata/about/

triplea

Fingers crossed its in this years training budget.

So, it seems that final content was finally revealed. And I have to say, that at the moment I am disasspointed. From the beginning I was mostly interested in SOC 3.0 Operations and the content I got... is ****. I was expecting interesting theory about SOC and its operations

and got... list of SIEM quieries...

Module 1: Zero Value;
Module 2: Good, some info regarding Win logs, zero about Linux logs, zero about general logs - proxies, FWs, AVs... nothing about where to get logs... at least high level;
Module 3: **** load of Splunk/ELK queries, which could have been added as resource - however no background
Module 4: 23 damn slides... where they do one joke example

I am pissed of, disappointed and whatever. From this chapter I expected the most, and I got around 20-40 garbage slides per module.

I am not talking about the facts, they promised similar lab workload like in PTP - 30 labs, here are approx. 10 labs. Also no videos, so far I went thru Incident Handling - no damn value, when I read NIST Incident Handling - I learned more. Traffic analysis - shitty, and SOC 3.0 ... as above. Also no videos.

Today, when I see, it's released I was excited - plenty of reading for next few months. As I finished section SOC 3.0 in like half hour... probably not for few months... I was expecting a lot, I got few slides of garbage.

So my thoughts, they promised a lot, they delivered ****, videos are missing, slides - the most bragging part sucks and seems not teaching me anything worth the money, labs - I don't want to rate. Price - big. I do not recommend. I hope they ... add like 300 slides to SOC 3.0... because this is joke. Seriously, 20 slides is joke.

securityorc

Wow..following your post I checked out the course forums and what I saw supports your opinion..1 video for the "best course on incident response"?! There are plenty of unhappy people and the instructor gives canned answers and literally dismisses the negative feedback (which is well-earned) by saying that there are other questions to answer in the forums. And his reply to your post on the forums..just wow.

My expectations for this course just went through the floor..I will start going through it and update with opinions, but this just cements my bad experience with eLS, which I will review soon. Suffice it to say, I won't buy any other course from them.

r3nzsec

SleepyLCTL said:

So, it seems that final content was finally revealed. And I have to say, that at the moment I am disasspointed. From the beginning I was mostly interested in SOC 3.0 Operations and the content I got... is ****. I was expecting interesting theory about SOC and its operations and got... list of SIEM quieries...
Module 1: Zero Value;
Module 2: Good, some info regarding Win logs, zero about Linux logs, zero about general logs - proxies, FWs, AVs... nothing about where to get logs... at least high level;
Module 3: **** load of Splunk/ELK queries, which could have been added as resource - however no background
Module 4: 23 damn slides... where they do one joke example
I am pissed of, disappointed and whatever. From this chapter I expected the most, and I got around 20-40 garbage slides per module.

I am not talking about the facts, they promised similar lab workload like in PTP - 30 labs, here are approx. 10 labs. Also no videos, so far I went thru Incident Handling - no damn value, when I read NIST Incident Handling - I learned more. Traffic analysis - shitty, and SOC 3.0 ... as above. Also no videos.

Today, when I see, it's released I was excited - plenty of reading for next few months. As I finished section SOC 3.0 in like half hour... probably not for few months... I was expecting a lot, I got few slides of garbage.

So my thoughts, they promised a lot, they delivered ****, videos are missing, slides - the most bragging part sucks and seems not teaching me anything worth the money, labs - I don't want to rate. Price - big. I do not recommend. I hope they ... add like 300 slides to SOC 3.0... because this is joke. Seriously, 20 slides is joke.

It seems that they've probably rushed this course just to meet the deadline and ****. I'm kinda disappointed too. And I'm also looking for more videos but we only got one

Sad

I don't believe, they can afford getting such a reputation here. We(Sec Guys) are kinda IT geeks and I guess majority of their potential customers might check this forum before making a purchase. They have to act upon this. If they don't, their reputation will go rock bottom. I asked for refund. I mean, the price of the course is approx. 1,3 of average salary in my country. They have to deliver damn good stuff for that - no matter they try to be "cheaper and better" than SANS.

I just posted a comparison of PTP v4 and IHRP v1 to the forum.

Long story short,

PTP v4 with Ruby = over 5500 slides!
IHRP v1 = over 1200 slides!

So, guys, I completely disappointed too(( They promised a lot and we had to get one of the best IR courses. But, it's really weak course. eLS also promised about 30 Labs (like in PTP), but released only 8. I agree with @r3nzec, seems like they just rushed this course just to meet the deadline and totally forgot about its quality.

SleepyLCTL said:

I don't believe, they can afford getting such a reputation here. We(Sec Guys) are kinda IT geeks and I guess majority of their potential customers might check this forum before making a purchase. They have to act upon this. If they don't, their reputation will go rock bottom. I asked for refund. I mean, the price of the course is approx. 1,3 of average salary in my country. They have to deliver damn good stuff for that - no matter they try to be "cheaper and better" than SANS.

I'm going to ask for refund too. Where did you write them?

Guys... In order to get somewhere, please make some noise. Please comment my topic on ELS as well, give it more traction. So far I am the only one basically, if you write there as well, we can maybe push them a bit harder. I asked support, they ignored it. i will ask again. But please, add few comments to my thread if you are disappointed as well. https://community.elearnsecurity.com/topic/6762-soc-30-section-and-its-content/ Once you join the party, they have to either lock the thread or react. Let the resistance raise! I am awaiting your comments.

"Practical Incident Handling" section of the course contains 0(!) labs. It should be renamed as "Theoretical IH". SOC 3.0 section contains only 2 labs (for Splunk and ELK). That's definitely isn't enough.

Well, there are some related labs in different sections, however please write down your thoughts to the official forum. Here is no use.

new2Sec

I heard els forum they locked posts that criticize.

Is true Demitrus write:
1) "The course is actually being used to train intermediate SOC analysts in large" on a course that hasn't been completely released yet?
2) "Since everything we wanted was covered, unfortunately I can't spend more time on this. Locking the thread..."

Note to self, never buy els course "sight unseen." New business model You by course, we partially make it terrible.

2018 I pass PTS PTP they good. I want course succeed it look good. So far, only reach suck, but they do it best. They need try harder.

They will maybe lock it, however if we do not "spam" them, nothing will change. ... I am willing to create threads till my refund.

new2Sec

I check website. no president or ceo only gm. Only one security person. 20 web developers. How they work? one person support 15 courses and create new?

I guess they cannot ban me as a paying customer.