Incident Response in Google Cloud

Instructor-led training course

At a glance

This intensive 24-hour course teaches investigators the techniques needed to investigate and respond to a security incident in a Google Cloud organization. The fast-paced course is built on a series of hands-on labs that show how to investigate and respond to a targeted attack against a Google Cloud organization. Skills taught include identifying evidence of a threat actor with Google Cloud native tools, using open source utilities to extend the investigator's capabilities, and carrying out effective containment and eradication of the threat actor.

The course includes detailed discussions about methods of evidence collection and their limitations as well as how threat actors move around in the Google Cloud organization. This information is then reinforced through a dynamic hands-on lab environment powered by Google Cloud Skills Boost. The labs will have recent evidence of compromise and provide each student with their own lab environment.

Course goals

After completing this course, participants should be able to:

  • Define the NIST incident response process
  • Identify the core components of a Google Cloud organization
  • Use Logs Explorer to perform cloud investigations
  • Deploy and update a compute instance for local analysis
  • Identify key log events for:
      • Service account abuse
      • Service account key creation
      • Storage bucket access
      • GKE container logs
      • Cloud Run logs
  • Use open source tools like Plaso, Timesketch, dfTimewolf, and many others
  • Perform incident response in Google Cloud
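The goals above name the log events an investigator has to recognise in Cloud Audit Logs. The following is an added example written for this page, not course material or Google code: it runs the same triage logic an analyst would express as Logs Explorer filters over a handful of constructed audit log entries (the project name, principals, bucket and IP addresses are invented) and tags service account key creation, service account impersonation via GenerateAccessToken, and storage object access. The method and service names are the ones Cloud Audit Logging records for these operations.

```python
import json
from collections import Counter

# Constructed sample Cloud Audit Log entries shaped like the JSON that
# Logs Explorer returns. Project, principals, bucket and IPs are invented.
SAMPLE_ENTRIES = [
    {"logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity",
     "protoPayload": {"serviceName": "iam.googleapis.com",
                      "methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                      "authenticationInfo": {"principalEmail": "alice@example.com"},
                      "resourceName": "projects/-/serviceAccounts/ci-sa@example-proj.iam.gserviceaccount.com",
                      "requestMetadata": {"callerIp": "203.0.113.7"}}},
    {"logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
     "protoPayload": {"serviceName": "iamcredentials.googleapis.com",
                      "methodName": "GenerateAccessToken",
                      "authenticationInfo": {"principalEmail": "alice@example.com"},
                      "resourceName": "projects/-/serviceAccounts/ci-sa@example-proj.iam.gserviceaccount.com",
                      "requestMetadata": {"callerIp": "203.0.113.7"}}},
    {"logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
     "protoPayload": {"serviceName": "storage.googleapis.com",
                      "methodName": "storage.objects.get",
                      "authenticationInfo": {"principalEmail": "ci-sa@example-proj.iam.gserviceaccount.com"},
                      "resourceName": "projects/_/buckets/finance-exports/objects/q3.csv",
                      "requestMetadata": {"callerIp": "198.51.100.9"}}},
    {"logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Fdata_access",
     "protoPayload": {"serviceName": "storage.googleapis.com",
                      "methodName": "storage.objects.list",
                      "authenticationInfo": {"principalEmail": "ci-sa@example-proj.iam.gserviceaccount.com"},
                      "resourceName": "projects/_/buckets/finance-exports",
                      "requestMetadata": {"callerIp": "198.51.100.9"}}},
    # Benign noise: a compute call that should not be flagged.
    {"logName": "projects/example-proj/logs/cloudaudit.googleapis.com%2Factivity",
     "protoPayload": {"serviceName": "compute.googleapis.com",
                      "methodName": "v1.compute.instances.list",
                      "authenticationInfo": {"principalEmail": "bob@example.com"},
                      "resourceName": "projects/example-proj/zones/us-central1-a",
                      "requestMetadata": {"callerIp": "192.0.2.20"}}},
]

# Equivalent Logs Explorer filters for the same three event classes.
LOGS_EXPLORER_FILTERS = {
    "sa_key_created":
        'protoPayload.methodName="google.iam.admin.v1.CreateServiceAccountKey"',
    "sa_impersonation":
        'protoPayload.serviceName="iamcredentials.googleapis.com" '
        'AND protoPayload.methodName="GenerateAccessToken"',
    "storage_access":
        'protoPayload.serviceName="storage.googleapis.com" AND '
        '(protoPayload.methodName="storage.objects.get" '
        'OR protoPayload.methodName="storage.objects.list")',
}

STORAGE_READ_METHODS = {"storage.objects.get", "storage.objects.list"}


def classify(entry):
    """Return the event class for one audit log entry, or None if it is not of interest."""
    payload = entry.get("protoPayload", {})
    service = payload.get("serviceName", "")
    method = payload.get("methodName", "")
    if method == "google.iam.admin.v1.CreateServiceAccountKey":
        return "sa_key_created"
    if service == "iamcredentials.googleapis.com" and method == "GenerateAccessToken":
        return "sa_impersonation"
    if service == "storage.googleapis.com" and method in STORAGE_READ_METHODS:
        return "storage_access"
    return None


def find_key_events(entries):
    """Reduce each flagged entry to the fields an investigator pivots on."""
    hits = []
    for entry in entries:
        kind = classify(entry)
        if kind is None:
            continue
        payload = entry["protoPayload"]
        hits.append({
            "class": kind,
            "principal": payload.get("authenticationInfo", {}).get("principalEmail"),
            "caller_ip": payload.get("requestMetadata", {}).get("callerIp"),
            "resource": payload.get("resourceName"),
        })
    return hits


def events_by_principal(entries):
    """Count flagged events per (principal, class) to spot one identity chaining key creation,
    impersonation and bucket reads."""
    return Counter((h["principal"], h["class"]) for h in find_key_events(entries))


if __name__ == "__main__":
    for hit in find_key_events(SAMPLE_ENTRIES):
        print(json.dumps(hit))
    print(events_by_principal(SAMPLE_ENTRIES))
```

Note the caveat the course's discussion of evidence limitations points at: storage.objects.get and storage.objects.list are Data Access audit events, which are not written unless Data Access logging has been enabled for Cloud Storage, so an empty result for the storage filter does not prove no objects were read. In a real investigation the entries would come from Logs Explorer or a log sink export rather than an inline list.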

Who this course helps

This class is designed for beginner/intermediate-level students who have a responsibility to respond to or alert on security incidents in Google Cloud. Participants should have a basic understanding of Windows and Linux operating systems along with a basic understanding of Google Cloud or cloud concepts.

How it works

Delivery methods

In-classroom or virtual instructor-led training

Duration

  • 3 days (in-person delivery)
  • 4 days (virtual delivery)

What to bring

Participants will need a laptop with the latest browser of choice and the ability to connect to the internet.

Participants will receive course materials before the start of the course. Instructions for connecting to the lab environment will be given as part of the course delivery.

Take the next step

Contact Mandiant Academy to learn more and schedule your course today.

Google Cloud