Overview
This course, Incident Response using Zscaler Logs, covers the use of Zscaler platform logs as the central source for detecting, analyzing, investigating and responding to security incidents. The focus is on the practical application of Incident Response (IR) techniques in Zero Trust environments, using ZIA and ZPA logs, event correlation, SIEM integration and the construction of operational playbooks for the SOC.
Course Content
Module 1: Incident Response and Zscaler Overview
- Incident Response Lifecycle
- Role of Zscaler in Zero Trust Security
- Incident Response Use Cases
Module 2: Zscaler Log Sources for Incident Response
- ZIA Log Types and Security Events
- ZPA Logs and Access Events
- Nanolog and Log Streaming Service
Module 3: Threat Detection using Zscaler Logs
- Malware and Threat Indicators
- Policy Violations and Suspicious Traffic
- Anomaly Detection
Module 4: Identity and Access Incident Analysis
- Authentication Failures
- Suspicious User Behavior
- Privileged Access Investigation
Module 5: Network and Application Incident Investigation
- Command-and-Control Traffic Analysis
- Data Exfiltration Indicators
- Application Abuse Detection
Module 6: Log Correlation and SIEM Integration
- Correlating Zscaler Logs in SIEM
- Enrichment with External Threat Intelligence
- Alert Tuning and False Positives
Module 7: Incident Containment and Mitigation
- Policy-Based Containment Actions
- Blocking Users, Apps, and Destinations
- Short-Term and Long-Term Mitigations
Module 8: Forensics and Evidence Collection
- Log Preservation and Chain of Custody
- Timeline Reconstruction
- Incident Documentation
Module 9: Playbooks and Automation
- Incident Response Playbooks
- SOAR Integration Concepts
- Automated Response Scenarios
Module 10: Capstone Incident Response Labs
- End-to-End Incident Simulation
- Investigation, Containment, and Recovery
- Lessons Learned and Continuous Improvement