Sound the Alarm: Detection and Response (Coursera)

Offered by Google

This is the sixth course in the Google Cybersecurity Certificate. These courses will equip you with the skills you need to apply for an entry-level cybersecurity job. You’ll build on your understanding of the topics that were introduced in the fifth Google Cybersecurity Certificate course. In this course, you will focus on incident detection and response.

You'll define a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. You'll analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, you'll explore the incident investigation and response processes and procedures. Additionally, you'll practice using Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) tools.
Google employees who currently work in cybersecurity will guide you through videos, provide hands-on activities and examples that simulate common cybersecurity tasks, and help you build your skills to prepare for jobs.
Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.
By the end of this course, you will:

  • Explain the lifecycle of an incident.
  • Describe the tools used in documentation, detection, and management of incidents.
  • Analyze packets to interpret network communications.
  • Perform artifact investigations to analyze and verify security incidents.
  • Identify the steps to contain, eradicate, and recover from an incident.
  • Determine how to read and analyze logs during incident investigation.
  • Interpret the basic syntax and components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools.
  • Perform queries in Security Information and Event Management (SIEM) tools to investigate an event.

Course 6 of 8 in the Google Cybersecurity Professional Certificate.

What You Will Learn

  • Identify the steps to contain, eradicate, and recover from an incident
  • Analyze packets to interpret network communications
  • Understand basic syntax, components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools
  • Perform queries in Security Information and Event Management (SIEM) tools to investigate an event

Syllabus

WEEK 1
Introduction to detection and incident response
Detection and incident response are an important part of a cybersecurity analyst’s work. You'll explore how cybersecurity professionals verify and respond to malicious threats and become familiar with the steps involved in incident response.

WEEK 2
Network monitoring and analysis
You will explore network analysis tools, commonly referred to as packet sniffers. In particular, you'll sniff the network and analyze packets for malicious threats. You'll also craft filtering commands to analyze the contents of captured packets.

WEEK 3
Incident investigation and response
You will learn about the various processes and procedures in the stages of incident detection, investigation, analysis, and response. Then, you'll analyze the details of suspicious file hashes. You'll learn about the importance of documentation and evidence collection during the detection and response stages. Finally, you'll approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.

WEEK 4
Network traffic and logs using IDS and SIEM tools
You will explore logs and their role in Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems. You'll learn how these systems detect attacks. You’ll also be introduced to some IDS and SIEM products. In addition, you’ll write basic IDS rules to provide alerts for malicious network traffic.

Related Courses

Internet History, Technology, and Security (Coursera)
University of Michigan

The impact of technology and networks on our lives, culture, and society continues to increase. The very fact that you can take this course from anywhere in the world requires a technological infrastructure that was designed, engineered, and built over the past sixty years. To function in an information-centric world, we need to understand the workings of network technology. This course will open up the Internet and show you how it was created, who created it and how it works. Along the way we will meet many of the innovators who developed the Internet and Web technologies that we use today.

Jun 1st 2026
5-12 Weeks
Blockchain: Foundations and Use Cases (Coursera)
ConsenSys Academy

This course is the definitive introduction to blockchain for both the developer and non-developer audience. Beyond the technology, this course will introduce you to some of the philosophy behind decentralization and why there is so much excitement around it. During the first three modules, you'll be introduced to blockchain and the technology behind it. In module four, we'll go beyond bitcoin and delve deeper into a next-generation blockchain called Ethereum to introduce you to what modern blockchains can do.

Jun 1st 2026
5-12 Weeks
Palo Alto Networks Cybersecurity Foundation (Coursera)
Palo Alto Networks

In this course, students will learn fundamental principles associated with the current cybersecurity landscape and identify concepts required to recognize and potentially mitigate attacks against enterprise networks as well as mission-critical infrastructure. Students will also learn how to initially set up and configure security zones, authentication, and policies on a next-generation firewall.

Jun 2nd 2026
5-12 Weeks
Road to the CISO – Culminating Project Course (Coursera)
University System of Georgia

The ultimate destination for a security manager is the Chief Information Security Officer (or Chief Security Officer), a senior executive role responsible for all cybersecurity operations in the organization. But how do you get from entry-level IT or security employee to the CISO’s office, and what do you need to know when you get there? This course examines the career path and requirements to be an effective CISO, as well as the roles and responsibilities of the position.

Jun 1st 2026
5-12 Weeks
Privacy Law and Data Protection (Coursera)
University of Pennsylvania

What does it take to comply with privacy laws? In this course, we’ll look at the practical aspects of navigating the complex landscape of privacy requirements. Better understanding privacy laws and data protection will enable you to protect your organization and the constituents that depend on your organization to safeguard their personal information.

Jun 1st 2026
4 Weeks
Cybersecurity Policy for Water and Electricity Infrastructures (Coursera)
University of Colorado System

This course will examine the drinking water and electricity infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The drinking water and electricity infrastructures are two of fourteen subsectors comprising what are known as "lifeline infrastructure". The 2013 National Infrastructure Protection Plan identifies four lifeline infrastructure sectors: 1) water, 2) energy, 3) transportation, and 4) communications. These sectors are designated "lifeline" because many other infrastructures depend upon them.

Jun 1st 2026
4 Weeks
Identifying Security Vulnerabilities (Coursera)
University of California, Davis

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography, and you'll be able to start to create threat models and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.

Jun 1st 2026
4 Weeks
Managing Cybersecurity Incidents and Disasters (Coursera)
University System of Georgia

Most organizations plan for routine operations, but what happens when unexpected events overtake the routine? This course examines contingency planning used to prepare for and manage non-normal operations, including cybersecurity incidents like hacking attempts, web site defacement, denial of service attacks, and information disclosures, as well as other natural and man-made cybersecurity disasters.

Jun 1st 2026
5-12 Weeks
Principles of Secure Coding (Coursera)
University of California, Davis

This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presents robust programming and the relationship between it and secure programming. We'll go through a detailed example of writing robust code, and we'll see many common programming problems and show their connection to writing robust, secure programs in general.

Jun 1st 2026
4 Weeks
FinTech Security and Regulation (RegTech) (Coursera)
The Hong Kong University of Science and Technology - HKUST

This course, "FinTech Security and Regulation (RegTech)", helps you to understand RegTech and to become more confident and persuasive in your ability to analyze and make recommendations to executives within the finance industry regarding how to react to these changes, e.g., regulations on cryptocurrencies like Bitcoin and Initial Coin Offerings (ICOs). It presents the views of several professors from the top business school in Asia as well as perspectives from industry professionals.

Jun 1st 2026
5-12 Weeks
Cybersecurity Roles, Processes & Operating System Security (Coursera)
IBM

This course gives you the background needed to understand basic cybersecurity around people, process and technology. You will learn to: understand the key cybersecurity roles within an organization; list key cybersecurity processes and an example of each process; describe the architecture, file systems, and basic commands for multiple operating systems including Windows, Mac/OS, Linux and Mobile; and understand the concept of virtualization as it relates to cybersecurity.

Jun 1st 2026
4 Weeks
Cybersecurity Policy for Aviation and Internet Infrastructures (Coursera)
University of Colorado System

In this course we will examine the aviation and Internet infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The aviation and Internet infrastructures are also considered "lifeline infrastructure" as part of the transportation and communications sectors. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program.

Jun 1st 2026
4 Weeks