This is the sixth course in the Google Cybersecurity Certificate. Learners will focus on incident detection and response. They will learn what defines a security incident and explain the incident response lifecycle, including the roles and responsibilities of incident response teams. Learners will analyze and interpret network communications to detect security incidents using packet sniffing tools to capture network traffic. By assessing and analyzing artifacts, learners will explore the incident investigation and response processes and procedures. Additionally, they will develop a conceptual overview of log data and their role in intrusion detection systems (IDS) and Security Information Event Management (SIEM) tools. Learners who complete this certificate will be equipped to apply for entry-level cybersecurity roles. No previous experience is necessary.
Cultivate your career with expert-led programs, job-ready certificates, and 10,000 ways to grow. All for $25/month, billed annually. Save now
Sound the Alarm: Detection and Response
This course is part of Google Cybersecurity Professional Certificate
Instructor: Google Career Certificates
Top Instructor
220,506 already enrolled
Included with 
(2,894 reviews)
What you'll learn
Identify the steps to contain, eradicate, and recover from an incident
Analyze packets to interpret network communications
Understand basic syntax, components of signatures and logs in Intrusion Detection Systems (IDS) and Network Intrusion Detection Systems (NIDS) tools
Perform queries in Security Information and Event Management (SIEM) tools to investigate an event
Skills you'll gain
Details to know
Add to your LinkedIn profile
25 assignments
See how employees at top companies are mastering in-demand skills
Build your Computer Security and Networks expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate from Google
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 4 modules in this course
This module provides an overview of detection and incident response. Learners will explore how security professionals verify and respond to malicious threats. Learners will also become familiar with the steps involved in incident response. This overview will be the foundation for the next module.
What's included
12 videos7 readings6 assignments1 plugin
In this module, learners will be provided with an overview of network analysis tools more commonly referred to as “packet sniffers”. In particular, learners will sniff the network and analyze packets for malicious threats. Learners will also craft common filtering commands in both tcpdump and Wireshark to analyze the contents of packet capture.
What's included
9 videos10 readings5 assignments4 app items
In this module, Learners will explore the various processes and procedures in the stages of incident detection, investigation, analysis, and response as framed by NIST. They will utilize VirusTotal as an investigative tool to analyze the details of suspicious file hashes. Learners will recognize the importance of documentation and evidence collection during the detection and response stages. Finally, learners will approximate an incident’s chronology by mapping artifacts to reconstruct an incident’s timeline.
What's included
11 videos11 readings7 assignments2 plugins
In this module, learners will be provided with a conceptual overview of logs and their role in intrusion detection systems (IDSs) and Security Information and Event Management tools (SIEMs). The module will discuss the general concept of an IDS and how it works to detect attacks before highlighting specific IDS and SIEM products, such as Suricata, Splunk and Google SecOps (Chronicle), respectively. Learners will then develop an understanding of how to access and navigate within Suricata and how basic rules are set up to provide alerts, events, and logs for malicious network traffic. This module will conclude with an introduction to Splunk and Google SecOps (Chronicle) and will showcase some of their features, including common commands for search queries.
What's included
14 videos13 readings7 assignments2 app items1 plugin
Instructor
Offered by
Recommended if you're interested in Computer Security and Networks
Cisco Learning and Certifications
Why people choose Coursera for their career
Learner reviews
2,894 reviews
- 5 stars
84.32%
- 4 stars
11.32%
- 3 stars
3.03%
- 2 stars
0.62%
- 1 star
0.69%
Showing 3 of 2894
Reviewed on Sep 25, 2023
just a few improvements that should be made, some parts confused me of not knowing what is being asked of me. Other than that, it's an excellent course.
Reviewed on Jul 11, 2023
just kind of scratches the surface and doesn't go too deep. I would say its better than just memorizing a bunch of stuff for the security plus.
Reviewed on Oct 16, 2023
Learnt a lot about SIEM tools and much more that are all ready to be applied in the job. Thanks a lot to Google and Coursera for such a wonderful session.
New to Computer Security and Networks? Start here.
Open new doors with Coursera Plus
Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Certificate, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.
More questions
Financial aid available,