This unit explores the use of automated tools, scripting, and machine learning to detect, prioritize, and respond to cybersecurity threats. Students will configure and test SIEM/SOAR workflows, apply basic ML techniques to log and network data, and consider limitations and adversarial risks as preparation for a culminating incident-response capstone.
Learning Objectives
- Analyze network and system log datasets to identify patterns and anomalies that indicate potential security incidents using statistical and ML-based techniques
- Apply scripting and automation (for example, Python or PowerShell) to develop repeatable detection and response tasks and integrate them with SIEM/SOAR platforms
- Demonstrate the configuration and testing of alerting, correlation rules, and automated playbooks in a simulated operational environment
- Evaluate the effectiveness, limitations, and ethical implications of automated and machine-learning driven defenses, including how adversarial techniques can evade detection
Leave a Reply