Instrumenting the Environment to Detect Suspicious and Malicious Activity (IR214)

9:00 AM EDT – 1:00 PM EDT

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Instrumenting the Environment to Detect Suspicious and Malicious Activity (IR214) event on Thursday, June 27, 2024.

Attackers are becoming more sophisticated – and efficient. The time it takes an attacker to begin moving laterally once they have a foothold in the network is 79 minutes, compared to 9 hours in 2019. Security teams require exceptional network visibility to keep pace with top-level threat actors as these breakout times shrink. Triage training and tools can help incident response teams reduce the time an attacker dwells undetected within a network, mitigating attacks before threat actors can accomplish their missions. 

This 4-hour skills development cyber range training provides best practices for organizations to strengthen their detection and initial response capabilities for more effective triaging. Through case studies, presentations by expert facilitators, demonstrations, and lab exercises, participants will explore the tools and techniques necessary to identify suspicious and malicious activity in an enterprise environment.

Experience these benefits and more: 

  • Key guidance for organizations: Gain insights on enterprise instrumentation tools and methodologies that streamline incident response. 
  • Job Aid: Receive a triage checklist to assist incident responders in efficiently collecting endpoint data for timely, actionable intelligence. 
  • Case study: Explore a high-impact, global cyberattack, dissecting the tactics, techniques, and procedures that defined the incident. 
  • Knowledge check: Conclude your learning experience with a knowledge check designed to ensure readiness in applying these critical concepts in a real-world incident. 

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.  

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.   


  • Date: Thursday, June 27, 2024
  • Time: 9 a.m. to 1 p.m. EDT 
  • Location: Online via WebEx 
  • CPE Credit: Participants can earn 4 CPE credits for attending this course. 
  • Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended. 
  • Note: Audio is through WebEx; there is no external dial-in. 
  • Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required. 

 Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.