Sorry, you need to enable JavaScript to visit this website.
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.

Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

  1. Home
  2. Node
  3. Introduction to Log Management (IR210)

Introduction to Log Management (IR210)

Description

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Introduction to Log Management (IR210) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. Participants will be introduced to basic principles of log management and configuration. Federal compliance regulations of log configuration and management including OMB Memo M-21-31 will also be introduced.

Experience these benefits and more: 

  • Common attack methods: Understand the importance of the configuration, management, and analysis of logs for incident response and identify key processes of log management. 
  • Practice in a realistic environment: Investigate and analyze log data for suspicious activity. Detect and correlate possible IOCs or malicious activity with threat intel. Exercises include configuring a DNS server, network device firewall, an operating system and more for propper logging.  
  • Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.

Call to Action (CTA) link
Register Now
Featured
Off
Tags
Cybersecurity Events
Organizer
CISA
Presenter
CISA
Registration dates
-
Event dates
-
Online materials available date
Expiration Date
Override Featured
Off