Detect Suspicious Activity with Workload Protection

Abstract

Note: This course was previously titled Detect Suspicious Process, File, and Network Activity with CSM Threats.

Learning Objectives

After completing this course you will be able to:

Monitor process, network, kernel-level, and file activity using Workload Protection
Detect threat activity using Security Agent expressions and detection rules
Use Workload Protection security signals to investigate threats

Primary Audience

Security engineers, platform engineers, and cloud engineers responsible for securing workloads.

Prerequisites

The prerequisites for this course are the following:

Recommended: Completion of the Learning Environment course
Optional: Completion of the Enable and Manage Workload Protection course
Basic cloud computing knowledge (this course features a sandbox AWS environment)
Familiarity with the Linux command line

Technical Requirements

In order to complete the course, you will need the following:

Google Chrome or Firefox

Course Navigation

At the bottom of each lesson, click the MARK LESSON COMPLETE AND CONTINUE button so that you are marked complete for each lesson and can receive the certificate at the end of the course.

Course Enrollment Period

Please note that your enrollment in this course ends after 30 days. You can re-enroll at any time and pick up where you left off.

Learning Center

Detect Host and Container Compromises with Workload Protection

Abstract

Learning Objectives

Primary Audience

Prerequisites

Technical Requirements

Course Navigation

Course Enrollment Period

Course curriculum

Course Overview

Detect and Investigate Threats

Lab: Detect Suspicious Activity with Workload Protection

Course Conclusion

Detect Host and Container Compromises with Workload Protection

Running into an issue?