Threat Investigation (Coursera)

If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how a threat-centric SOC must prepare to analyze new and emerging threats by implementing robust security investigation procedures.


By the end of the course, you will be able to:
• Understand cyber-threat hunting concepts
• Describe the five hunting maturity levels (HM0–HM4)
• Describe the hunting cycle four-stage loop
• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics
• Describe the CVSS v3.0 scoring components (base, temporal, and environmental)
• Provide an example of CVSS v3.0 scoring
• Describe the use of a hot threat dashboard within a SOC
• Provide examples of publicly available threat awareness resources
• Provide examples of publicly available external threat intelligence sources and feeds
• Describe the use of a security intelligence feed
• Describe threat analytics systems
• Describe online security research tools
• Simulate malicious actions to populate the event data on the Security Onion tools for later analysis
• Identify resources for hunting cyber threats.
To be successful in this course, you should have the following background:

  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts.

Course 6 of 7 in the Cybersecurity Operations Fundamentals Specialization.

Syllabus

WEEK 1
Identifying Resources for Hunting Cyber Threats
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how a threat-centric SOC must prepare to analyze new and emerging threats by implementing robust security investigation procedures.

By the end of the course, you will be able to:
• Understand cyber-threat hunting concepts
• Describe the five hunting maturity levels (HM0–HM4)
• Describe the hunting cycle four-stage loop
• Describe the use of the Common Vulnerability Scoring System (CVSS) and list the CVSS v3.0 base metrics
• Describe the CVSS v3.0 scoring components (base, temporal, and environmental)
• Provide an example of CVSS v3.0 scoring
• Describe the use of a hot threat dashboard within a SOC
• Provide examples of publicly available threat awareness resources
• Provide examples of publicly available external threat intelligence sources and feeds
• Describe the use of a security intelligence feed
• Describe threat analytics systems
• Describe online security research tools
• Simulate malicious actions to populate the event data on the Security Onion tools for later analysis
• Identify resources for hunting cyber threats.

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts.

WEEK 2
Understanding Event Correlation and Normalization
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you describe event correlation and normalization.

By the end of the course, you will be able to:
• Describe network security monitoring event sources (IPS, firewall, NetFlow, proxy server, IAM, AV, and application logs)
• Describe direct evidence and circumstantial evidence
• Describe chain of custody for all evidence and interacting with law enforcement
• Describe an example of security data normalization
• Provide an example of security event correlation
• Explain the basic concepts of security data aggregation, summarization, and deduplication
• Use the Security Onion Sguil and ELSA applications as the SIEM platform to monitor the network for peculiarities and start an investigation.

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts.

WEEK 3
Conducting Security Incident Investigations
If you are an associate-level cybersecurity analyst working in a security operations center, this course will explain how to conduct security incident investigations.

By the end of the course, you will be able to:
• Explain the objective of a security incident investigation: discover the who, what, when, where, why, and how of the incident
• Describe the China Chopper Remote Access Trojan
• Identify network traffic that was created by an advanced persistent threat (APT).

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts.

WEEK 4
Using a Playbook Model to Organize Security Monitoring
If you are an associate-level cybersecurity analyst working in a security operations center, this course will help you understand how to use a playbook model to organize security monitoring.

By the end of the course, you will be able to:
• Describe the security analytics process
• Describe the use of a playbook in a SOC
• Describe the components of a play in a typical SOC playbook
• Describe the use of a playbook management system in the SOC
• Explore SOC playbooks.

To be successful in this course, you should have the following background:
  1. Skills and knowledge equivalent to those learned in the Implementing and Administering Cisco Solutions (CCNA) v1.0 course
  2. Familiarity with Ethernet and TCP/IP networking
  3. Working knowledge of the Windows and Linux operating systems
  4. Familiarity with the basics of network security concepts.


Related Courses

IT Security: Defense against the digital dark arts (Coursera), Google

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background on encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wi-Fi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team.

Jun 22nd 2026 | 5-12 Weeks
Networking and Security in iOS Applications (Coursera), University of California, Irvine

You will learn to extend your knowledge of making iOS apps so that they can securely interact with web services and receive push notifications. You'll learn how to store data securely on a device using Core Data. You’ll also learn to securely deploy apps to the App Store and beta users over-the-air. The format of the course is through a series of code tutorials. We will walk you through the creation of several apps that you can keep as a personal app toolbox. When you make your own apps after this course, you can bring in these capabilities as needed. When necessary we pop out of the code tutorials to talk about concepts at a higher level so that what you are programming makes sense.

Jun 22nd 2026 | 4 Weeks
Cybersecurity and the Internet of Things (Coursera), University System of Georgia

Welcome to “Cybersecurity and the Internet of Things”! This course is for you if you are curious about the most recent trends and activities in internet capabilities and the concerns around programmed devices. There are complexities and areas of necessary awareness when the industrial sector becomes connected to your home.

Jun 22nd 2026 | 4 Weeks
Classical Cryptosystems and Core Concepts (Coursera), University of Colorado System

Welcome to Introduction to Applied Cryptography. Cryptography is an essential component of cybersecurity. The need to protect sensitive information and ensure the integrity of industrial control processes has placed a premium on cybersecurity skills in today’s information technology market. Demand for cybersecurity jobs is expected to rise 6 million globally by 2019, with a projected shortfall of 1.5 million, according to Symantec, the world’s largest security software vendor. According to Forbes, the cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Jun 22nd 2026 | 3 Weeks
Detecting and Mitigating Cyber Threats and Attacks (Coursera), University of Colorado System

Computer attacks and data breaches are inevitable. It seems like every day a data breach occurs and the victims of the data breach suffer. Their information is stolen or posted online. The companies or businesses that had the breach go on, learn a little from the attack, and just give out credit monitoring as if nothing happened. What if you could help prevent a data breach in your organization? This is the third course in the Practical Computer Security specialization. This course looks at detection and mitigation of threats and attack vectors and discusses how to use tools and principles to protect information.

Jun 22nd 2026 | 5-12 Weeks
Proactive Computer Security (Coursera), University of Colorado System

I’ve heard this before – “I’m not sure my computer security practices are working”. I reply “Have you tested them?” This course is the fourth and final course in the Practical Computer Security specialization. In this course, you’ll learn how to proactively test what you have put in place to protect your data. In the first week you’ll be able to discuss the basics of deterrents and how to “trick” attackers into believing they’ve hit a goldmine of data away from your real systems. In week 2, you’ll be able to understand and discuss the steps of penetration testing methodology.

Jun 22nd 2026 | 5-12 Weeks
Introduction to Enterprise Computing (Coursera), IBM

Large Scale Enterprise Computing powers all major transactions, and the Mainframe is responsible for 87% of all credit card transactions and enables 71% of all Fortune 500 companies. Mainframes are fundamental to how we do business, and IBM Z is the only production mainframe sold today. Virtually everyone depends on it. This is your introduction to the hardware, operating systems, security, and features that make this possible.

Jun 22nd 2026 | 3 Weeks
Mathematical Foundations for Cryptography (Coursera), University of Colorado System

Welcome to Course 2 of Introduction to Applied Cryptography. In this course, you will be introduced to basic mathematical principles and functions that form the foundation for cryptographic and cryptanalysis methods. These principles and functions will be helpful in understanding the symmetric and asymmetric cryptographic methods examined in Course 3 and Course 4. These topics should prove especially useful to you if you are new to cybersecurity. It is recommended that you have a basic knowledge of computer science and basic math skills such as algebra and probability.

Jun 22nd 2026 | 4 Weeks
Software Design Threats and Mitigations (Coursera), University of Colorado System

The design step in developing software has some unique characteristics. First of all, it’s the only step where drawing pictures of things is the norm. Why is that? What do pictures do that other representations cannot do? Pictures have varying levels of detail; pictures have context. Pictures…paint a picture. Why are these things important? In this course, too, we begin looking at other disciplines (building architecture is a favorite one) for lessons on design.

Jun 22nd 2026 | 5-12 Weeks
Cyber Attack Countermeasures (Coursera), New York University

This course introduces the basics of cyber defense, starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcement mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecurID and Kerberos, in the context of a canonical schema.

Jun 22nd 2026 | 4 Weeks