CINXE.COM

<!doctype html> <html data-n-head-ssr> <head> <script type="text/javascript">window.optimizely=window.optimizely||[];const oneTrustCookie=document.cookie.split(";").map(function(o){return o.trim()}).filter(function(o){return o.startsWith("OptanonConsent")})[0];if(oneTrustCookie){let o=!decodeURIComponent(oneTrustCookie).includes("C0003:1");window.optimizely.push({type:"optOut",isOptOut:o})}else window.optimizely.push("disable")</script> <script src="https://cdn.optimizely.com/js/28081820005.js"></script>   <script>window.dataLayer=[],function(e,t,a,n){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});e=t.getElementsByTagName(a)[0],n=t.createElement(a);n.async=!0,n.src="https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B",e.parentNode.insertBefore(n,e)}(window,document,"script","dataLayer")</script>  <meta data-n-head="ssr" charset="utf-8"><meta data-n-head="ssr" name="viewport" content="width=device-width,initial-scale=1"><meta data-n-head="ssr" name="msapplication-TileImage" content="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt98b136a644f78dec/60a7f28b6a7d7e65622052c5/cropped-SANS-Blue-Square-270x270.png"><meta data-n-head="ssr" data-hid="description" name="description" property="description" content="FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat-hunting techniques to find even the stealthiest attacker."><meta data-n-head="ssr" data-hid="og:image" name="og:image" property="og:image" content="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf9dc0da8d0b3a77a/65f857e996251b7c0971ff1e/FOR577_Curriculum_Course_Social_Cards_DFIR-Final-Keyobard-Generic.jpg"><title>FOR577: Linux Incident Response & Threat Hunting | SANS Institute</title><base href="/cyber-security-courses/"><link data-n-head="ssr" rel="icon" href="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2f0555dca45e068f/60a7f26ea450c25ac83cf8f6/cropped-SANS-Blue-Square-32x32.png" sizes="32x32"><link data-n-head="ssr" rel="icon" href="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt3b9dbc8492637093/60a7f2761df7ea69b75ba460/cropped-SANS-Blue-Square-192x192.png" sizes="192x192"><link data-n-head="ssr" rel="apple-touch-icon" href="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb065db290a92f932/60a7f27dc8faf774ab45ffd9/cropped-SANS-Blue-Square-180x180.png"><link data-n-head="ssr" rel="canonical" href="https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response/"><style data-n-head="ssr" type="text/css">.requires-login{display:none!important}.requires-login-flex{display:none!important}</style><script data-n-head="ssr" type="application/json" id="site-info">{"environment":"ssg-course","built":"2024-12-01T18:23:46.502Z","site":"ssg-course","packages":{"ssg-common":"10.51.0","contentstack_helpers":"2.0.1"}}</script><script data-n-head="ssr" type="text/javascript" data-hid="login-app-head">!function(i,o){function e(){o.probablyLoggedIn=!1;try{const n=i.cookie.split(";").map(function(e){return e.trim()}).filter(function(e){return e.startsWith("idp_jwt")})[0].substr(8);var e=JSON.parse(atob(n.split(".")[1]));if(!e||!e.idp_attributes)throw new Error("malformed token");var t=parseInt(e.exp)-(new Date).getTime()/1e3;if(t<0)throw new Error("token expired");t<11700&&setTimeout(function(){fetch("https://idp.sans.org/simplesaml/module.php/sans/jwtrefreshtoken.php?AuthState=0&method=token",{credentials:"include",headers:{Authorization:"Bearer "+n}})},5e3),o.probablyLoggedIn=!0,o.User=e.idp_attributes;var r=i.createElement("style");r.innerHTML=".requires-login { display: block !important; } .requires-login.focus { display: flex !important; } .requires-login-flex { display: flex !important; } .user-not-logged-in { display: none !important; } ",i.head.appendChild(r)}catch(e){}}/MSIE \d|Trident.*rv:/.test(navigator.userAgent)&&window.addEventListener("load",function(){console.log("page is fully loaded"),e()}),e()}(document,window)</script><script data-n-head="ssr" type="text/javascript" src="//cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js"></script><script data-n-head="ssr" type="application/ld+json">{"@context":"http://schema.org/","@type":"Course","name":"FOR577: LINUX Incident Response and Threat Hunting™","description":"FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases. 23 hands-on labs","educationalCredentialAwarded":"","educationalLevel":"Advanced","image":"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt30b49455f589d225/SANS-Logo","offers":"Paid","provider":{"@type":"Organization","name":"SANS","sameAs":"https://www.sans.org"},"url":"https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response/","hasCourseInstance":[{"@type":"CourseInstance","courseMode":"Online and In-person","courseWorkload":"6 days","instructor":{"@type":"Person","name":"Tarot (Taz) Wake","image":"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blta2d39252163fc73d/5f4c3913d3f9000eac80c048/Taz_Wake_2.png"}}]}</script><link rel="preload" href="/cyber-security-courses/_nuxt/40df9f2.js" as="script"><link rel="preload" href="/cyber-security-courses/_nuxt/390ee57.js" as="script"><link rel="preload" href="/cyber-security-courses/_nuxt/css/8e319f9.css" as="style"><link rel="preload" href="/cyber-security-courses/_nuxt/a097c55.js" as="script"><link rel="preload" href="/cyber-security-courses/_nuxt/css/fd21fb5.css" as="style"><link rel="preload" href="/cyber-security-courses/_nuxt/9cff839.js" as="script"><link rel="preload" href="/cyber-security-courses/_nuxt/css/2c3f786.css" as="style"><link rel="preload" href="/cyber-security-courses/_nuxt/215e82d.js" as="script"><link rel="stylesheet" href="/cyber-security-courses/_nuxt/css/8e319f9.css"><link rel="stylesheet" href="/cyber-security-courses/_nuxt/css/fd21fb5.css"><link rel="stylesheet" href="/cyber-security-courses/_nuxt/css/2c3f786.css"> </head> <body class="skeleton" data-n-head="%7B%22class%22:%7B%22ssr%22:%22skeleton%22%7D%7D">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5T9DW3B" height="0" width="0" style="display:none;visibility:hidden"></iframe> </noscript>  <div data-server-rendered="true" id="__nuxt"><div id="__layout"><div class="page course-overview-page" data-v-daec289e data-v-1605a5f6><header class="header" data-v-daec289e><div class="mega-header-container" data-v-1f8f96a3 data-v-1605a5f6><div data-v-1f8f96a3><div class="header-menu-wrapper" data-v-1f8f96a3><div class="header-menu menu-collapsed active-level-1" data-v-1f8f96a3><div class="header-menu-info" data-v-1f8f96a3><div class="logo-wrapper show" data-v-1f8f96a3><a href="/" title="homepage" aria-label="homepage" class="logo-header logo-sans" data-v-4132e363 data-v-1f8f96a3> homepage </a></div> <div class="icons" data-v-1f8f96a3> <a href="#" title="Open menu" class="open-close closed" data-v-1f8f96a3>Open menu</a></div> <div class="nav-cta-mobile shown" data-v-1f8f96a3><div class="nav-buttons" data-v-1f8f96a3><a href="/about/contact/sales/?msc=mega-nav-button" class="nav-button button button--small button--light button--primary" data-v-5041ef13 data-v-1f8f96a3> Talk with an expert </a></div></div> <a href="#" title="Go one level top" tabindex="-1" aria-hidden="true" class="back-link hidden" data-v-1f8f96a3> Go one level top </a> <div class="active-menu-item hidden" data-v-1f8f96a3> </div></div> <nav role="navigation" aria-label="Primary header menu" class="navigation primary" data-v-1f8f96a3><ul id="parent-menu" role="menubar" aria-label="Primary header menu" class="menu level1 primary" data-v-1f8f96a3><li aria-haspopup="true" aria-label="Train and Certify" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-training-overview/" aria-label="Train and Certify" tabindex="0" class="link level1 primary" data-v-1f8f96a3> Train and Certify </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="/course-preview/" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blte8be34fc229589b9/6273dce3941a2939d3d00f0e/290x100_mega_nav_train_and_certify.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Free Course Demos</h5> <div data-v-1f8f96a3><p>Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.</p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Train and Certify</h5> <div class="info" data-v-1f8f96a3><p><span>Immediately apply the skills and techniques learned in SANS courses, ranges, and summits</span></p></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/cyber-security-training-overview/" tabindex="-1" data-v-1f8f96a3> Learn More </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Train and Certify Overview" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-training-overview/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="true" aria-label="Courses" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-courses/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Courses </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Courses Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-courses/" aria-label="Courses Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Full Course List" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-courses/" aria-label="Full Course List" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Full Course List </a> </li><li aria-haspopup="true" aria-label="By Focus Areas" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=ai,cloud-security,cyber-defense,cyber-security-it-essentials,digital-forensics,industrial-control-systems-security,open-source-intelligence,leadership,offensive-operations,security-management-legal-audit,open-source-intelligence" aria-label="By Focus Areas" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> By Focus Areas </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Artificial Intelligence" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=ai" aria-label="Artificial Intelligence" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Artificial Intelligence </a></li><li aria-haspopup="false" aria-label="Cloud Security" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=cloud-security" aria-label="Cloud Security" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cloud Security </a></li><li aria-haspopup="false" aria-label="Cyber Defense" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=cyber-defense" aria-label="Cyber Defense" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cyber Defense </a></li><li aria-haspopup="false" aria-label="Cybersecurity and IT Essentials" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=cyber-security-it-essentials" aria-label="Cybersecurity and IT Essentials" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cybersecurity and IT Essentials </a></li><li aria-haspopup="false" aria-label="Cybersecurity Leadership" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=leadership" aria-label="Cybersecurity Leadership" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cybersecurity Leadership </a></li><li aria-haspopup="false" aria-label="DFIR" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=digital-forensics" aria-label="DFIR" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> DFIR </a></li><li aria-haspopup="false" aria-label="Industrial Control Systems" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=industrial-control-systems-security" aria-label="Industrial Control Systems" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Industrial Control Systems </a></li><li aria-haspopup="false" aria-label="Offensive Operations" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=offensive-operations" aria-label="Offensive Operations" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Offensive Operations </a></li><li aria-haspopup="false" aria-label="Open-Source Intelligence" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=open-source-intelligence" aria-label="Open-Source Intelligence" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Open-Source Intelligence </a></li></ul></li><li aria-haspopup="true" aria-label="By Skill Levels" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/cyber-security-courses/?skill-level=new-to-cyber,essentials,advanced,expert" aria-label="By Skill Levels" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> By Skill Levels </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="New to Cyber" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?skill-level=new-to-cyber" aria-label="New to Cyber" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> New to Cyber </a></li><li aria-haspopup="false" aria-label="Essentials" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?skill-level=essentials" aria-label="Essentials" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Essentials </a></li><li aria-haspopup="false" aria-label="Advanced" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?skill-level=advanced" aria-label="Advanced" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Advanced </a></li><li aria-haspopup="false" aria-label="Expert" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?skill-level=expert" aria-label="Expert" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Expert </a></li></ul></li><li aria-haspopup="true" aria-label="Training Formats" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/cyber-security-training-formats/" aria-label="Training Formats" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Training Formats </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="OnDemand" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/ondemand/" aria-label="OnDemand" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> OnDemand </a></li><li aria-haspopup="false" aria-label="In-Person" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/mlp/in-person-training/" aria-label="In-Person" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> In-Person </a></li><li aria-haspopup="false" aria-label="Live Online" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/mlp/live-online-training/" aria-label="Live Online" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Live Online </a></li></ul></li><li aria-haspopup="false" aria-label="Course Demos" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/course-preview/" aria-label="Course Demos" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Free Course Demos </a> </li></ul></li><li aria-haspopup="true" aria-label="Training Roadmaps" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-skills-roadmap/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Training Roadmaps </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Skills Roadmap" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-skills-roadmap/" aria-label="Skills Roadmap" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Skills Roadmap </a> </li><li aria-haspopup="true" aria-label="Focus Area Job Roles" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/job-roles-roadmap/" aria-label="Focus Area Job Roles" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Focus Area Job Roles </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Cyber Defense Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/cyber-defense/" aria-label="Cyber Defense Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cyber Defense Job Roles </a></li><li aria-haspopup="false" aria-label="Offensive Operations Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/offensive-operations/" aria-label="Offensive Operations Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Offensive Operations Job Roles </a></li><li aria-haspopup="false" aria-label="DFIR Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/digital-forensics-incident-response/" aria-label="DFIR Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> DFIR Job Roles </a></li><li aria-haspopup="false" aria-label="Cloud Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/cloud/" aria-label="Cloud Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cloud Job Roles </a></li><li aria-haspopup="false" aria-label="ICS Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/industrial-control-systems/" aria-label="ICS Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> ICS Job Roles </a></li><li aria-haspopup="false" aria-label="Leadership Job Roles" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/job-roles-roadmap/leadership/" aria-label="Leadership Job Roles" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Leadership Job Roles </a></li></ul></li><li aria-haspopup="true" aria-label="NICE Framework" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/nice-framework/" aria-label="NICE Framework" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> NICE Framework </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Oversight and Governance" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/oversight-governance/" aria-label="Oversight and Governance" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Oversight and Governance </a></li><li aria-haspopup="false" aria-label="Design and Development" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/design-development/" aria-label="Design and Development" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Design and Development </a></li><li aria-haspopup="false" aria-label="Implementation and Operation" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/implementation-operation/" aria-label="Implementation and Operation" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Implementation and Operation </a></li><li aria-haspopup="false" aria-label="Protection and Defense" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/protection-defense/" aria-label="Protection and Defense" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Protection and Defense </a></li><li aria-haspopup="false" aria-label="Investigation" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/investigation/" aria-label="Investigation" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Investigation </a></li><li aria-haspopup="false" aria-label="Cyberspace Intelligence" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/cyberspace-intelligence/" aria-label="Cyberspace Intelligence" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cyberspace Intelligence </a></li><li aria-haspopup="false" aria-label="Cyberspace Effects" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/cyberspace-effects/" aria-label="Cyberspace Effects" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cyberspace Effects </a></li><li aria-haspopup="false" aria-label="Industrial Control Systems" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/nice-framework/industrial-control-systems/" aria-label="Industrial Control Systems" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Industrial Control Systems </a></li></ul></li><li aria-haspopup="false" aria-label="European Skills Framework" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/ecsf-framework/" aria-label="European Skills Framework" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> European Skills Framework </a> </li></ul></li><li aria-haspopup="false" aria-label="GIAC Certifications" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-certifications/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> GIAC Certifications </a> </li><li aria-haspopup="true" aria-label="Training Events & Summits" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cyber-security-training-events/?training-formats=in_person,live_online&event-types=summit,training_event&per-page=100" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Training Events & Summits </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Events Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-events/" aria-label="Events Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Events Overview </a> </li><li aria-haspopup="true" aria-label="In-Person Event Locations" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/cyber-security-training-events/?training-formats=in_person,live_online&event-types=summit,training_event&per-page=100" aria-label="In-Person Event Locations" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> In-Person Event Locations </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Asia" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=asia&per-page=50" aria-label="Asia" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Asia </a></li><li aria-haspopup="false" aria-label="Australia & New Zealand" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=australia-and-new-zealand&per-page=50" aria-label="Australia & New Zealand" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Australia & New Zealand </a></li><li aria-haspopup="false" aria-label="Latin America" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=latin-america&per-page=50" aria-label="Latin America" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Latin America </a></li><li aria-haspopup="false" aria-label="Mainland Europe" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=mainland-europe&per-page=50" aria-label="Mainland Europe" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Mainland Europe </a></li><li aria-haspopup="false" aria-label="Middle East & Africa" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=middle-east-turkey-and-africa&per-page=50" aria-label="Middle East & Africa" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Middle East & Africa </a></li><li aria-haspopup="false" aria-label="Scandinavia" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=scandinavia&per-page=50" aria-label="Scandinavia" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Scandinavia </a></li><li aria-haspopup="false" aria-label="United Kingdom & Ireland" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=united-kingdom-and-ireland&per-page=50" aria-label="United Kingdom & Ireland" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> United Kingdom & Ireland </a></li><li aria-haspopup="false" aria-label="United States & Canada" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?location=usa-and-canada&per-page=50" aria-label="United States & Canada" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> United States & Canada </a></li></ul></li><li aria-haspopup="false" aria-label="Live Online Events List" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-training-events/?training-formats=live_online" aria-label="Live Online Events List" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Live Online Events List </a> </li><li aria-haspopup="false" aria-label="Summits" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-summit/" aria-label="Summits" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Summits </a> </li></ul></li><li aria-haspopup="false" aria-label="OnDemand" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/ondemand/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> OnDemand </a> </li><li aria-haspopup="true" aria-label="Get Started in Cyber" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cybersecurity-careers/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Get Started in Cyber </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-careers/" aria-label="Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Degree and Certificate Programs" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="https://www.sans.edu/academics/launch-your-cybersecurity-career/" aria-label="Degree and Certificate Programs" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Degree and Certificate Programs </a> </li><li aria-haspopup="false" aria-label="Scholarships" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-academy/" aria-label="Scholarships" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Scholarships </a> </li><li aria-haspopup="false" aria-label="Free Training & Resources" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyberaces/" aria-label="Free Training & Resources" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Free Training & Resources </a> </li></ul></li><li aria-haspopup="false" aria-label="Cyber Ranges" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/cyber-ranges/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Cyber Ranges </a> </li></ul></div></li><li aria-haspopup="true" aria-label="For Organizations" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/enterprise-solutions/" aria-label="For Organizations" tabindex="0" class="link level1 primary" data-v-1f8f96a3> For Organizations </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="https://www.sans.org/mlp/zero-trust-white-paper/" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf47dc15d424f72e4/6273dce39dad2234e4d02e02/290x100_mega_nav9_manage_your_team.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>SANS CISO Primer: 4 Cyber Trends</h5> <div data-v-1f8f96a3><p>This CISO Primer highlights four major cybersecurity trends SANS experts believe will move the needle for CISOs in 2024.<br></p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>For Organizations</h5> <div class="info" data-v-1f8f96a3><p>Build a world-class cyber team with our workforce development programs.</p></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/enterprise-solutions/" tabindex="-1" data-v-1f8f96a3> Learn More </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/enterprise-solutions/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Group Purchasing" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/group-purchasing/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Group Purchasing </a> </li><li aria-haspopup="true" aria-label="Build Your Team" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/build-your-team/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Build Your Team </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Assessments" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-assessments/" aria-label="Assessments" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Assessments </a> </li><li aria-haspopup="false" aria-label="Private Training" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/private-training/" aria-label="Private Training" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Private Training </a> </li><li aria-haspopup="true" aria-label="By Industry" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/industries/" aria-label="By Industry" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> By Industry </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Health Care" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/healthcare-cybersecurity/" aria-label="Health Care" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Health Care </a></li><li aria-haspopup="false" aria-label="Industrial Control Systems Security" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/industrial-control-systems-security/" aria-label="Industrial Control Systems Security" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Industrial Control Systems Security </a></li><li aria-haspopup="false" aria-label="Military" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/dod/" aria-label="Military" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Military </a></li></ul></li></ul></li><li aria-haspopup="true" aria-label="Leadership Training" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cybersecurity-leadership/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Leadership Training </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Leadership Courses" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-courses/?focus-area=security-management-legal-audit" aria-label="Leadership Courses" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Leadership Courses </a> </li><li aria-haspopup="false" aria-label="Executive Cybersecurity Exercises" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-leadership/executive-cybersecurity-exercises/" aria-label="Executive Cybersecurity Exercises" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Executive Cybersecurity Exercises </a> </li><li aria-haspopup="false" aria-label="Leadership Simulation Game" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-leadership/cyber42/" aria-label="Leadership Simulation Game" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Leadership Simulation Game </a> </li></ul></li></ul></div></li><li aria-haspopup="true" aria-label="Security Awareness" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/" aria-label="Security Awareness" tabindex="0" class="link level1 primary" data-v-1f8f96a3> Security Awareness </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="https://www.sans.org/security-awareness-training/resources/reports/sar/" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1733d7a8ff26d5ad/6273dce39dfd5f30d076efa0/290x100_mega_nav3_security_awareness.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>2024 Security Awareness Report</h5> <div data-v-1f8f96a3><p>Embedding a Strong Security Culture</p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Security Awareness</h5> <div class="info" data-v-1f8f96a3><p><span>Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk</span></p></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/security-awareness-training/" tabindex="-1" data-v-1f8f96a3> Learn More </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="true" aria-label="Products & Services" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/products/security-awareness-solutions/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Products & Services </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="true" aria-label="Security Awareness Training" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/security-awareness-training/products/security-awareness-solutions/" aria-label="Security Awareness Training" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Security Awareness Training </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="EndUser Training" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/security-awareness-solutions/end-user/" aria-label="EndUser Training" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> EndUser Training </a></li><li aria-haspopup="false" aria-label="Phishing Platform" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/security-awareness-solutions/phishing/" aria-label="Phishing Platform" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Phishing Platform </a></li></ul></li><li aria-haspopup="true" aria-label="Specialized" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/" aria-label="Specialized" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Specialized </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Developer Training" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/developer/" aria-label="Developer Training" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Developer Training </a></li><li aria-haspopup="false" aria-label="ICS Engineer Training" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/ics-engineer/" aria-label="ICS Engineer Training" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> ICS Engineer Training </a></li><li aria-haspopup="false" aria-label="IT Administrator" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/security-awareness-solutions/it-admin/" aria-label="IT Administrator" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> IT Administrator </a></li><li aria-haspopup="false" aria-label="NERC CIP Training" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/nerc-cip/" aria-label="NERC CIP Training" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> NERC CIP Training </a></li><li aria-haspopup="false" aria-label="Role-based PCI DSS Compliance Training" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/security-awareness-solutions/pci-dss/" aria-label="Role-based PCI DSS Compliance Training" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Role-based PCI DSS Compliance Training </a></li><li aria-haspopup="false" aria-label="Security Essentials for Business Leaders and Managers " role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/essentials-for-business-leaders/" aria-label="Security Essentials for Business Leaders and Managers " tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Security Essentials for Business Leaders and Managers </a></li><li aria-haspopup="false" aria-label="Workforce Risk Management Fundamentals for AI" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/specialized-training/workforce-risk-management-fundamentals-ai/" aria-label="Workforce Risk Management Fundamentals for AI" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Workforce Risk Management Fundamentals for AI </a></li></ul></li><li aria-haspopup="true" aria-label="Risk Assessments" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/security-awareness-training/products/cyber-risk-insight-suite/" aria-label="Risk Assessments" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Risk Assessments </a> <ul role="menu" aria-hidden="true" class="menu level4 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Knowledge Assessment" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/cyber-risk-insight-suite/knowledge/" aria-label="Knowledge Assessment" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Knowledge Assessment </a></li><li aria-haspopup="false" aria-label="Culture Assessment" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/security-awareness-training/products/cyber-risk-insight-suite/culture/" aria-label="Culture Assessment" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Culture Assessment </a></li></ul></li></ul></li><li aria-haspopup="false" aria-label="OUCH! Newsletter" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/newsletters/ouch/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> OUCH! Newsletter </a> </li><li aria-haspopup="true" aria-label="Career Development" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/career-development/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Career Development </a> <ul role="menu" aria-hidden="true" class="menu level3 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/security-awareness-training/career-development/" aria-label="Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Training & Courses" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/security-awareness-training/career-development/" aria-label="Training & Courses" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Training & Courses </a> </li><li aria-haspopup="false" aria-label="Professional Credential" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/security-awareness-training/career-development/credential/" aria-label="Professional Credential" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Professional Credential </a> </li></ul></li><li aria-haspopup="false" aria-label="Blog" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/blog/?focus-area=security-awareness" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Blog </a> </li><li aria-haspopup="false" aria-label="Partners" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/partners/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Partners </a> </li><li aria-haspopup="false" aria-label="Reports & Case Studies" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/security-awareness-training/resources/reports/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Reports & Case Studies </a> </li></ul></div></li><li aria-haspopup="true" aria-label="Resources" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-resources/?msc=main-nav" aria-label="Resources" tabindex="0" class="link level1 primary" data-v-1f8f96a3> Resources </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="/information-security-policy/?msc=nav-teaser" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt08fed20a2b957c76/6273dce36ed4423afc98e390/290x100_mega_nav4_resources.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Security Policy Templates</h5> <div data-v-1f8f96a3><p>In collaboration with security subject-matter experts, SANS has developed a set of security policy templates for your use.</p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Resources</h5> <div class="info" data-v-1f8f96a3><span>Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis</span></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/security-resources/?msc=nav-teaser" tabindex="-1" data-v-1f8f96a3> Browse Here </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Resources Overview" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/security-resources/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="true" aria-label="Webcasts" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/webcasts/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Webcasts </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Webinars" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/webcasts/" aria-label="Webinars" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Webinars </a> </li><li aria-haspopup="true" aria-label="Live Streams" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/mlp/live-streams/" aria-label="Live Streams" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Live Streams </a> <ul role="menu" aria-hidden="true" class="menu level4 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Wait Just An Infosec" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/mlp/wait-just-an-infosec/" aria-label="Wait Just An Infosec" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Wait Just An Infosec </a></li><li aria-haspopup="false" aria-label=" Cybersecurity Leadership" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/cybersecurity-leadership/live-streams/" aria-label=" Cybersecurity Leadership" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cybersecurity Leadership </a></li><li aria-haspopup="false" aria-label="SANS Threat Analysis Rundown (STAR)" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/mlp/star-webcast/" aria-label="SANS Threat Analysis Rundown (STAR)" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> SANS Threat Analysis Rundown (STAR) </a></li></ul></li></ul></li><li aria-haspopup="true" aria-label="Summits & Forums" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/mlp/free-cybersecurity-events/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Free Cybersecurity Events </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Free Events Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/mlp/free-cybersecurity-events/" aria-label="Free Events Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Free Events Overview </a> </li><li aria-haspopup="false" aria-label="Summits" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-security-summit/" aria-label="Summits" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Summits </a> </li><li aria-haspopup="false" aria-label="Solutions Forums" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/mlp/free-cybersecurity-events/#sponsored-events" aria-label="Solutions Forums" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Solutions Forums </a> </li><li aria-haspopup="false" aria-label="Community Nights" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/mlp/community-night-events/" aria-label="Community Nights" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Community Nights </a> </li><li aria-haspopup="false" aria-label="Community Nights" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/workshops/" aria-label="Community Nights" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Workshops </a> </li></ul></li><li aria-haspopup="true" aria-label="Content" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-resources/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Content </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="true" aria-label="Newsletters" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/newsletters/" aria-label="Newsletters" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Newsletters </a> <ul role="menu" aria-hidden="true" class="menu level4 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="NewsBites" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/newsletters/newsbites/" aria-label="NewsBites" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> NewsBites </a></li><li aria-haspopup="false" aria-label="@RISK" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/newsletters/at-risk/" aria-label="@RISK" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> @RISK </a></li><li aria-haspopup="false" aria-label="OUCH! Newsletter" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/newsletters/ouch/" aria-label="OUCH! Newsletter" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> OUCH! Newsletter </a></li></ul></li><li aria-haspopup="false" aria-label="Blog" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/blog/" aria-label="Blog" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Blog </a> </li><li aria-haspopup="true" aria-label="Podcasts" role="menuitem" class="item level3 primary children" data-v-1f8f96a3><a href="/podcasts/" aria-label="Podcasts" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Podcasts </a> <ul role="menu" aria-hidden="true" class="menu level4 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Blueprint" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/podcasts/blueprint/" aria-label="Blueprint" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Blueprint </a></li><li aria-haspopup="false" aria-label="Trust Me, I'm Certified" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="https://www.giac.org/podcasts/" aria-label="Trust Me, I'm Certified" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Trust Me, I'm Certified </a></li><li aria-haspopup="false" aria-label="Cloud Ace" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/podcasts/cloud-ace/" aria-label="Cloud Ace" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Cloud Ace </a></li><li aria-haspopup="false" aria-label="Wait Just an Infosec" role="menuitem" class="item level4 primary" data-v-1f8f96a3><a href="/podcasts/wait-just-an-infosec/" aria-label="Wait Just an Infosec" tabindex="-1" class="link level4 primary" data-v-1f8f96a3> Wait Just an Infosec </a></li></ul></li><li aria-haspopup="false" aria-label="Summit Presentations" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/presentations/" aria-label="Summit Presentations" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Summit Presentations </a> </li><li aria-haspopup="false" aria-label="Posters & Cheat Sheets" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/posters/" aria-label="Posters & Cheat Sheets" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Posters & Cheat Sheets </a> </li></ul></li><li aria-haspopup="false" aria-label="Internet Storm Center" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="https://isc.sans.edu/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Internet Storm Center </a> </li><li aria-haspopup="true" aria-label="Research" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/security-resources/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Research </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="White Papers" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/white-papers/" aria-label="White Papers" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> White Papers </a> </li><li aria-haspopup="false" aria-label="Security Policies" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/information-security-policy/" aria-label="Security Policies" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Security Policies </a> </li></ul></li><li aria-haspopup="false" aria-label="Tools" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/tools/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Tools </a> </li><li aria-haspopup="true" aria-label="Focus Areas" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/cybersecurity-focus-areas/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Focus Areas </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Artificial Intelligence" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/ai/" aria-label="Artificial Intelligence" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Artificial Intelligence </a> </li><li aria-haspopup="false" aria-label="Cloud Security" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cloud-security/" aria-label="Cloud Security" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Cloud Security </a> </li><li aria-haspopup="false" aria-label="Cyber Defense" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-defense/" aria-label="Cyber Defense" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Cyber Defense </a> </li><li aria-haspopup="false" aria-label="Cybersecurity Leadership" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cybersecurity-leadership/" aria-label="Cybersecurity Leadership" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Cybersecurity Leadership </a> </li><li aria-haspopup="false" aria-label="Digital Forensics & Incident Response" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/digital-forensics-incident-response/" aria-label="Digital Forensics & Incident Response" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Digital Forensics & Incident Response </a> </li><li aria-haspopup="false" aria-label="Industrial Control Systems" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/industrial-control-systems-security/" aria-label="Industrial Control Systems" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Industrial Control Systems </a> </li><li aria-haspopup="false" aria-label="Offensive Operations" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/offensive-operations/" aria-label="Offensive Operations" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Offensive Operations </a> </li><li aria-haspopup="false" aria-label="Open-Source Intelligence (OSINT)" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/osint/" aria-label="Open-Source Intelligence (OSINT)" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Open-Source Intelligence (OSINT) </a> </li></ul></li></ul></div></li><li aria-haspopup="true" aria-label="Get Involved" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/get-involved/" aria-label="Get Involved" tabindex="0" class="link level1 primary" data-v-1f8f96a3> Get Involved </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="/account/create/" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltbe97e5485d2294e7/6273dce33debbf3afdd2d898/290x100_mega_nav_get_involved.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Join the Community</h5> <div data-v-1f8f96a3><p>Membership of the SANS.org Community grants you access to cutting edge cyber security news, training, and free tools that can't be found elsewhere.</p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Get Involved</h5> <div class="info" data-v-1f8f96a3><p><span>Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.</span></p></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/get-involved/" tabindex="-1" data-v-1f8f96a3> Learn More </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/get-involved/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Join the Community" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/account/create" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Join the Community </a> </li><li aria-haspopup="false" aria-label="Work Study" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/work-study-program/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Work Study </a> </li><li aria-haspopup="false" aria-label="Teach for SANS" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/teach/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Teach for SANS </a> </li><li aria-haspopup="false" aria-label="CISO Network" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/mlp/ciso-network/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> CISO Network </a> </li><li aria-haspopup="false" aria-label="Partnerships" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/partnerships/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Partnerships </a> </li><li aria-haspopup="false" aria-label="Sponsorship Opportunities" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/sponsorship/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Sponsorship Opportunities </a> </li><li aria-haspopup="false" aria-label="Partner Portal" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="https://partnerportal.sans.org/" tabindex="-1" target="_blank" class="link level2 primary external" data-v-1f8f96a3> Partner Portal </a> </li></ul></div></li><li aria-haspopup="true" aria-label="About" role="none" class="item level1 primary children" data-v-1f8f96a3><a role="menuitem" href="/about/" aria-label="About" tabindex="0" class="link level1 primary" data-v-1f8f96a3> About </a> <div aria-hidden="true" class="mega-menu" data-v-1f8f96a3><div class="mega-article hidden" data-v-1f8f96a3><div class="content" data-v-1f8f96a3><a href="/mission/" tabindex="-1" data-v-1f8f96a3><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb48ea6f22e3c9a94/6273dce3d2794936634fa557/290x100_mega_nav7_about_us.jpg" class="teaser-image" data-v-1f8f96a3> <div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>Our Mission</h5> <div data-v-1f8f96a3><p>To empower current and future cybersecurity practitioners around the world with immediately useful knowledge and capabilities, we deliver industry-leading community programs, resources and training.</p></div> <span class="mega-cta" data-v-1f8f96a3></span></div></a></div></div> <div class="mega-article-info" data-v-1f8f96a3><div class="article" data-v-1f8f96a3><h5 data-v-1f8f96a3>About</h5> <div class="info" data-v-1f8f96a3><p><span>Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills.</span></p></div> <div class="mega-info-cta" data-v-1f8f96a3><a href="/about/" tabindex="-1" data-v-1f8f96a3> Learn More </a></div></div></div> <ul role="menu" aria-hidden="true" class="menu level2 primary" data-v-1f8f96a3><li aria-haspopup="true" aria-label="SANS" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/about/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> SANS </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Overview" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/" aria-label="Overview" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Overview </a> </li><li aria-haspopup="false" aria-label="Our Founder" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/our-founder/" aria-label="Our Founder" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Our Founder </a> </li><li aria-haspopup="false" aria-label="Awards" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/awards/" aria-label="Awards" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Awards </a> </li><li aria-haspopup="false" aria-label="Customer Reviews" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/customer-reviews/" aria-label="Customer Reviews" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Customer Reviews </a> </li><li aria-haspopup="false" aria-label="Trade Events" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/mlp/trade-events/" aria-label="Trade Events" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Trade Events </a> </li><li aria-haspopup="false" aria-label="Press" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/press/" aria-label="Press" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Press </a> </li><li aria-haspopup="false" aria-label="Policies and Procedures" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/legal" aria-label="Policies and Procedures" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Policies and Procedures </a> </li></ul></li><li aria-haspopup="true" aria-label="Instructors" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/instructors/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Instructors </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Our Instructors" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/instructors/" aria-label="Our Instructors" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Our Instructors </a> </li><li aria-haspopup="false" aria-label="Full Instructor List" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/profiles/instructors/" aria-label="Full Instructor List" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Full Instructor List </a> </li></ul></li><li aria-haspopup="true" aria-label="Mission" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/mission/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Mission </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Our Mission" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/mission/" aria-label="Our Mission" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Our Mission </a> </li><li aria-haspopup="false" aria-label="Diversity" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/diversity/" aria-label="Diversity" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Diversity </a> </li><li aria-haspopup="false" aria-label="Scholarships" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/cyber-academy/" aria-label="Scholarships" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Scholarships </a> </li></ul></li><li aria-haspopup="true" aria-label="Contact" role="none" class="item level2 primary children" data-v-1f8f96a3><a role="menuitem" href="/about/contact/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Contact </a> <ul role="menu" aria-hidden="true" class="menu level3 primary reverse-layout" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Contact Customer Service" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/contact/" aria-label="Contact Customer Service" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Contact Customer Service </a> </li><li aria-haspopup="false" aria-label="Contact Sales" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/contact/sales/" aria-label="Contact Sales" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Contact Sales </a> </li><li aria-haspopup="false" aria-label="Press & Media Enquiries" role="menuitem" class="item level3 primary" data-v-1f8f96a3><a href="/about/contact/press-enquiries/" aria-label="Press & Media Enquiries" tabindex="-1" class="link level3 primary" data-v-1f8f96a3> Press & Media Enquiries </a> </li></ul></li><li aria-haspopup="false" aria-label="Frequent Asked Questions" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/frequently-asked-questions/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Frequent Asked Questions </a> </li><li aria-haspopup="false" aria-label="Careers" role="none" class="item level2 primary" data-v-1f8f96a3><a role="menuitem" href="/mlp/careers/" tabindex="-1" class="link level2 primary" data-v-1f8f96a3> Careers </a> </li></ul></div></li></ul></nav> <nav role="navigation" aria-label="Secondary header menu" class="navigation secondary" data-v-1f8f96a3><ul role="menubar" aria-label="Secondary header menu" class="menu level1 secondary" data-v-1f8f96a3><li role="none" class="item level1 secondary search" data-v-1f8f96a3><a role="menuitem" href="#" aria-label="open search" class="link level1 secondary search" data-v-1f8f96a3 data-v-1f8f96a3></a> <label for="search-input" class="hidden" data-v-1f8f96a3 data-v-1f8f96a3><input id="search-input" role="search" placeholder="Search SANS..." class="addsearch hidden" data-v-1f8f96a3></label></li> <li aria-haspopup="true" aria-label="SANS Sites" role="menuitem" class="item level1 secondary sites children" data-v-1f8f96a3><a href="/" aria-label="SANS Sites" class="link level1 secondary" data-v-1f8f96a3> SANS Sites </a> <ul role="menu" aria-label="Secondary header menu" aria-hidden="true" class="menu level2 secondary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Australia" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/au_en/" aria-label="Australia" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Australia </a></li><li aria-haspopup="false" aria-label="Belgium" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/be_en/" aria-label="Belgium" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Belgium </a></li><li aria-haspopup="false" aria-label="Brazil" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/br_pt/" aria-label="Brazil" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Brazil </a></li><li aria-haspopup="false" aria-label="France" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/fr_fr/" aria-label="France" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> France </a></li><li aria-haspopup="false" aria-label="Japan" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/jp_ja/" aria-label="Japan" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Japan </a></li><li aria-haspopup="false" aria-label="Middle East & Africa" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/mlp/middle-east-turkey-africa/" aria-label="Middle East & Africa" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Middle East & Africa </a></li><li aria-haspopup="false" aria-label="Netherlands" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/nl_en" aria-label="Netherlands" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Netherlands </a></li><li aria-haspopup="false" aria-label="Singapore" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/sg_en/" aria-label="Singapore" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Singapore </a></li><li aria-haspopup="false" aria-label="Switzerland" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/ch_en" aria-label="Switzerland" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Switzerland </a></li><li aria-haspopup="false" aria-label="United Kingdom" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/uk_en/?msc=utility-nav" aria-label="United Kingdom" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> United Kingdom </a></li></ul></li> <li aria-haspopup="false" aria-label="Log In" role="none" class="item level1 secondary user-not-logged-in login" data-v-1f8f96a3><a role="menuitem" href="/account/login" aria-label="Log In" class="link level1 secondary" data-v-1f8f96a3>Log In</a> </li><li aria-haspopup="false" aria-label="Join" role="none" class="item level1 secondary user-not-logged-in join" data-v-1f8f96a3><a role="menuitem" href="/account/create" aria-label="Join" class="link level1 secondary" data-v-1f8f96a3>Join</a> </li><li aria-haspopup="true" aria-label="Account" role="none" class="item level1 secondary children requires-login account" data-v-1f8f96a3><a role="menuitem" href="/account/" aria-label="Account" class="link level1 secondary" data-v-1f8f96a3></a> <ul role="menu" aria-label="Secondary header menu" aria-hidden="true" class="menu level2 secondary" data-v-1f8f96a3><li aria-haspopup="false" aria-label="Account Dashboard" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/account/" aria-label="Account Dashboard" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Account Dashboard </a></li><li aria-haspopup="false" aria-label="Log Out" role="none" class="item level2 secondary" data-v-1f8f96a3><a role="menuitem" href="/account/logout/" aria-label="Log Out" tabindex="-1" class="link level2 secondary" data-v-1f8f96a3> Log Out </a></li></ul></li> <li role="menuitem" class="nav-cta" data-v-1f8f96a3> <div class="nav-buttons" data-v-1f8f96a3><a href="/about/contact/sales/?msc=mega-nav-button" class="nav-button button button--small button--light button--primary" data-v-5041ef13 data-v-1f8f96a3> Talk with an expert </a></div> </li></ul></nav></div></div></div></div></header> <div class="pre-content" data-v-daec289e><div class="wrapper dark-theme" data-v-80bd5eae data-v-1605a5f6><nav class="breadcrumbs breadcrumbs breadcrumbs--dark" data-v-727b6978 data-v-80bd5eae><ol class="list" data-v-727b6978><li class="item" data-v-727b6978><a href="/" aria-current="" class="link" data-v-727b6978> Home </a> <span aria-hidden="true" class="delimiter" data-v-727b6978> > </span></li><li class="item" data-v-727b6978><a href="/cyber-security-courses/" aria-current="" class="link" data-v-727b6978> Courses </a> <span aria-hidden="true" class="delimiter" data-v-727b6978> > </span></li><li class="item" data-v-727b6978><a aria-current="" class="link" data-v-727b6978> FOR577: LINUX Incident Response and Threat Hunting™ </a> </li></ol></nav> <div class="container centered" data-v-80bd5eae><div class="leftSide" data-v-80bd5eae> <div class="leftSideContent" data-v-80bd5eae><div id="course-indicator" class="label label-yellow" data-v-2744ce18 data-v-80bd5eae>New</div> <h1 class="header" data-v-80bd5eae>FOR577: LINUX Incident Response and Threat Hunting™</h1> </div> <div class="belowTitle" data-v-80bd5eae><a href="/cyber-security-courses/linux-threat-hunting-incident-response/#register-now" type="button" class="button button--large button--dark button--primary" data-v-5041ef13 data-v-1605a5f6> Register Now </a>  <a href="https://www.sans.org/ondemand/get-demo/1450" class="button button--large button--dark button--secondary" data-v-5041ef13 data-v-1605a5f6> Course Preview </a> </div></div> <div class="rightSide" data-v-80bd5eae><div id="infoList" data-v-80bd5eae><div class="info-list invert" data-v-73b12a86 data-v-80bd5eae><ul data-v-73b12a86><li data-v-73b12a86><i class="fa fa-in-person" data-v-73b12a86></i> <span data-v-73b12a86>In Person <span>(6 days)</span></span></li><li data-v-73b12a86><i class="fa fa-on-demand" data-v-73b12a86></i> <span data-v-73b12a86>Online</span></li></ul></div> <div class="cpeCredits" data-v-80bd5eae>36 CPEs</div></div> <div class="description" data-v-80bd5eae><p>FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases. 23 hands-on labs</p></div> <div class="course-authors" data-v-80bd5eae><h5 data-v-80bd5eae>Course Authors:</h5> <div class="authors" data-v-80bd5eae><a href="/profiles/tarot-wake" data-v-80bd5eae><div class="icon-info" data-v-19a4b6e3 data-v-80bd5eae><img src="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blta2d39252163fc73d/5f4c3913d3f9000eac80c048/Taz_Wake_2.png" alt=" Tarot (Taz) Wake " class="icon" data-v-19a4b6e3> <div class="title" data-v-19a4b6e3><h5 class="name" data-v-19a4b6e3> Tarot (Taz) Wake </h5> <div data-v-19a4b6e3>Certified Instructor</div></div></div></a></div></div></div></div></div>  <div class="sticky-nav wrapper" style="--nav-offset:0px" data-v-3d85b845 data-v-1605a5f6> <div class="centered" data-v-3d85b845><div class="innerLinkWrapper" data-v-3d85b845><a id="tab-what-you-will-learn" href="/cyber-security-courses/linux-threat-hunting-incident-response#what-you-will-learn" alt="What You Will Learn" aria-label="What You Will Learn" class="link" data-v-3d85b845>What You Will Learn</a><a id="tab-course-syllabus" href="/cyber-security-courses/linux-threat-hunting-incident-response#course-syllabus" alt="Syllabus" aria-label="Syllabus" class="link" data-v-3d85b845>Syllabus</a><a id="tab-prereqs" href="/cyber-security-courses/linux-threat-hunting-incident-response#prereqs" alt="Prerequisites" aria-label="Prerequisites" class="link" data-v-3d85b845>Prerequisites</a><a id="tab-laptop-requirements" href="/cyber-security-courses/linux-threat-hunting-incident-response#laptop-requirements" alt="Laptop Requirements" aria-label="Laptop Requirements" class="link" data-v-3d85b845>Laptop Requirements</a><a id="tab-author-statement" href="/cyber-security-courses/linux-threat-hunting-incident-response#author-statement" alt="Author Statement" aria-label="Author Statement" class="link" data-v-3d85b845>Author Statement</a><a id="tab-register-now" href="/cyber-security-courses/linux-threat-hunting-incident-response#register-now" alt="Training & Pricing" aria-label="Training & Pricing" class="link" data-v-3d85b845>Training & Pricing</a></div></div></div></div>  <main class="main" data-v-daec289e><div class="centered" data-v-daec289e data-v-1605a5f6><div class="syllabus" data-v-daec289e data-v-1605a5f6> <h2 id="what-you-will-learn" class="section-header" data-v-1605a5f6> What You Will Learn </h2> <div data-v-daec289e data-v-1605a5f6><p>FOR577: Linux Threat Hunting & Incident Response provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including advanced persistent threat (APT) nation-state adversaries, organized crime syndicates, and hactivism. Constantly updated, the course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases.</p><p>FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The concepts taught are built on common foundations in that we gather evidence, analyze it, and make decisions based on this analysis, all the while focusing on the specifics of the Linux platform. By using the tools built into the SANS SIFT Workstation, the course provides an all-inclusive solution that enables responders to quickly and effectively react to sophisticated intrusions.</p><p>During the course you will work through a number of exercises culminating in a final capstone, challenge built around a realistic attack with endpoint evidence, log data, and other artifacts you will encounter during day-to-day incident response activities. You will uncover evidence of an advanced threat actor working through a multiple-phase attack, going from reconnaissance to initial intrusion, then moving laterally throughout the organization's network. During the capstone you will bring together everything you have learned during the course and present your findings and recommendations on how security can be improved.</p><h3>You Will Be Able To</h3><ul><li>Use the tools, techniques, and procedures necessary to effectively hunt, detect, and contain a variety of adversaries and to remediate incidents</li><li>Hunt through and perform incident response on Linux systems using the SIFT Workstation</li><li>Identify and track malware beaconing outbound to its command and control (C2) channel via analytical techniques.</li><li>Determine how the breach occurred by identifying the beachhead and spear phishing attack mechanisms</li><li>Track user and attacker activity second-by-second on the system you are analyzing through in-depth timeline and super-timeline analysis</li><li>Identify lateral movement and pivots within your enterprise, showing how attackers transition from system to system without detection.</li><li>Track data movement as the attackers collect critical data and shift those data to exfiltration collection points</li><li>Recover and analyze archives and archive files (.rar, .tar, etc.) used by APT-like attackers to exfiltrate sensitive data from the enterprise network</li><li>Use collected data to perform effective remediation across the entire enterprise.</li></ul><h3>Business Takeaways</h3><ul><li>Understand attacker tradecraft in order to perform proactive compromise assessments</li><li>Upgrade detection capabilities by having a better understanding of novel attack techniques and available forensic artifacts, and by focusing on critical attack paths</li><li>Develop threat intelligence to track targeted adversaries and prepare for future intrusion events</li><li>Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects for use in both internal and external investigations.</li></ul><h3>Course Topics</h3><ul><li>Advanced use of a wide range of best-of-breed open-source tools in the SIFT Workstation to perform incident response and digital forensics</li><li>Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists</li><li>Threat hunting techniques that will aid in quicker identification of breaches</li><li>Rapid incident response analysis and breach assessment</li><li>An incident response and intrusion forensics methodology</li><li>Evidence collection, including disk and memory, during incident response and threat hunting</li><li>Internal lateral movement analysis and detection</li><li>Rapid and deep-dive timeline creation and analysis</li><li>Adversary threat intelligence development, indicators of compromise, and usage</li><li>Cyber-kill chain strategies</li><li>Step-by-step tactics and procedures to respond to and investigate intrusion cases</li></ul><h3>What You Will Receive With This Course</h3><ul><li>SIFT Workstation</li></ul><p>This course uses the SIFT Workstation extensively to teach incident responders and forensic analysts how to investigate and respond to sophisticated attacks. The workstation contains hundreds of free and open-source tools, easily matching any modern forensic and incident response commercial response tool suite. A virtual machine is used with many of the hands-on class exercises. Features of the SIFT Workstation include:</p><ul><li><span>Ubuntu Linux LTS base</span></li><li><span>64-bit base system</span></li><li><span>Better memory utilization</span></li><li><span>Auto-DFIR package update and customizations</span></li><li><span>Latest forensics tools and techniques</span></li><li><span>VMware Appliance ready to tackle forensics</span></li><li><span>Cross-compatibility between Linux and Windows</span></li><li><span>Expanded file system support (NTFS, HFS, EXFAT, and more)</span></li></ul><ul><li>Electronic Download Package<ul><li>Case images (disk and memory) from systems compromised by an APT intrusion</li><li><span>SIFT Workstation virtual machines, tools, and documentation</span><span></span><span></span></li><li>Exercise book is over 250 pages long with detailed step-by-step instructions and examples to help you become a master incident responder.</li></ul></li></ul></div> <div class="sans-tipdown-listing syllabus-accordion" data-v-13f2113a data-v-1605a5f6><div class="title" data-v-13f2113a data-v-1605a5f6><h2 id="course-syllabus" class="section-header" data-v-1605a5f6> Syllabus <span class="small" data-v-1605a5f6>(36 CPEs)</span></h2> <a target="_blank" href="https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc0b4fe7e481696e2/6722229838db44a6b0bce57d/SANS_Institute_FOR577_Brochure.pdf" id="brochure-download" class="tertiary-button button--small button--light active" data-v-44b30884 data-v-1605a5f6><strong data-v-44b30884 data-v-1605a5f6> Download PDF </strong></a></div> <ul itemtype="https://schema.org/FAQPage" itemscope class="sans-tipdown-listing-list expansive" data-v-13f2113a><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>LINUX Incident Response And Analysis</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p>Incident responders and threat hunters should be armed with the latest tools, techniques, and processes (TTPs) to identify, track, and contain advanced adversaries and to remediate incidents. It is important that our DFIR knowledge includes our own TTPs and those used by our adversaries. Section 1 introduces the fundamentals of incident response and then looks at the specific needs to carry out our duties in a Linux environment. The section starts by examining the reasons why we need incident response and presents SANS' six-step incident response methodology as it applies to an enterprise's response to a targeted attack. </p><p>This section will also introduce the Stark Skunkworks intrusion scenario, which sets the stage for our lab exercises and capstone challenge. This is followed by looking at how, as incident responders, we can use the Linux command line to our advantage and analyze common activity such as installing specific software packages. </p><p>We finish the section by looking at the importance of developing cyber threat intelligence to impact the adversaries' kill chain. We'll demonstrate forensic live response techniques and tactics that can be applied both to single systems and across the entire enterprise. </p><h5>Exercises</h5><ul><li>SIFT Workstation orientation</li><li>Situational awareness in incident response: Understanding Stark Skunkworks</li><li>Introduction to Linux commands and how to use them in Digital Forensics and Incident Response (DFIR)</li><li>Reviewing package management evidence</li><li>Threat intelligence and threat hunting</li></ul><h5>Topics</h5><ul><li>Why Incident Response Is Needed<ul><li>Who are our adversaries?</li><li><span>The current state of Linux intrusions</span></li></ul></li><li>The Incident Response Process<ul><li><span>Preparation: Key tools, techniques, and procedures that an incident response team needs to respond properly to intrusions</span></li><li><span>Identification/Scoping: Proper scoping of an incident and detecting all compromised systems in the enterprise</span></li><li><span>Containment/Intelligence Development: Restricting access, monitoring, and learning about the adversary in order to develop threat intelligence</span></li><li><span>Eradication/Remediation: Determining and executing key steps that must be taken to help stop the current incident and then move to real-time remediation</span></li><li><span>Recovery: Recording the threat intelligence to be used in the event of a similar adversary returning to the enterprise</span></li><li><span>Avoiding "Whack-A-Mole" Incident Response: Going beyond immediate eradication without proper incident scoping/containment</span></li></ul></li><li>SRL Skunkworks<ul><li><span>Introduction to the course scenario</span></li><li><span>Client background</span></li></ul></li><li>Introduction to Linux<ul><li><span>Linux basics</span></li><li><span>DFIR challenges</span></li><li><span>The distro problem</span></li><li><span>Linux terminal basics</span></li></ul></li><li>Package Management<ul><li><span>Distro differences</span></li><li><span>Package management tool differences</span></li><li><span>Manual analysis</span></li></ul></li><li>Threat Intelligence and Host-based Threat Hunting<ul><li><span>Hunting vs. reactive response</span></li><li><span>Intelligence-driven incident response</span></li><li><span>Building a continuous incident response/threat hunting capability</span></li><li><span>Forensic analysis versus threat hunting across endpoints</span></li><li><span>Threat hunt team roles</span></li></ul></li></ul></div> </div></details></li><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>Disk Analysis and Evidence Collection</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p align="left">Disk evidence collection and analysis skills are crucial for incident responders, forensic investigators, and threat hunters because they allow for identifying the source and scope of a security breach. Digital forensic experts need to collect and preserve data from disk storage devices such as hard drives, solid-state drives, and USB drives in order to determine how an attack occurred, what data was accessed or stolen, and who was responsible. Without this critical evidence, it is challenging to reconstruct the events leading up to the breach and determine the necessary steps to prevent similar incidents from happening in the future.</p><p align="left">Moreover, disk analysis skills help responders and investigators identify the type of malware or malicious code used in the attack. This information is essential to determine the tactics, techniques, and procedures used by the attackers and their motivations. By analyzing the data stored on disks, responders and investigators can identify suspicious files, unusual network traffic patterns, and other indicators of compromise. They can then use this information to develop countermeasures to mitigate the risk of further attacks.</p><p align="left">Fundamentally, the ability to collect evidence from disks is critical for DFIR because most digital evidence is stored on disk storage devices, making the devices an essential source of information for responders, investigators, and threat hunters. Even if you just need to collect log data, being able to collect it from a disk image opens up opportunities for a broad range of incident response solutions. In addition, disk storage devices often hold deleted files and other remnants of past activities, which can provide valuable clues to the sequence of events leading up to an incident.</p><p></p><h5>Exercises</h5><ul><li>Introduction to the Sleuth Kit </li><li>Reviewing filesystem data </li><li>Disk evidence collection</li><li>Reviewing operating system filesystems</li></ul><h5>Topics</h5><ul><li>The Sleuth Kit<ul><li><span>Introduction and the layers model</span></li><li><span>Filesystem layer tools</span></li><li><span>Filename layer tools</span></li><li><span>Metadata layer tools</span></li><li><span>Data units layer tools</span></li><li>Application layer tools</li></ul></li></ul><ul><li>Linux File Systems<ul><li>Overview</li><li>Basic structures - superblocks and inodes</li><li><span>Ext family</span></li><li><span>XFS family</span></li><li><span>Manually extracting data</span></li></ul></li><li>Disk Evidence Collection<ul><li><span>Physical vs. virtual systems</span></li><li>dd</li><li><span>dcfldd</span></li><li><span>dc3dd</span></li><li><span>Ewfacquire</span></li></ul></li><li>Image Mounting<ul><li><span>RAW/Simple files</span></li><li><span>E01 format evidence files</span></li><li><span>Complex files</span></li></ul></li><li>Operating System File Structures<ul><li><span>File system hierarchy</span></li><li><span>Boot file locations</span></li><li><span>Binary file locations</span></li><li><span>Configuration file locations</span></li><li><span>Devices and driver file locations</span></li><li><span>Shared libraries</span></li><li><span>User profiles</span></li><li><span>Optionally installed files</span></li><li><span>Temporary file locations</span></li><li><span>Runtime data</span></li></ul></li><li>File System Artifacts<ul><li><span>Hunting tips</span></li><li><span>Areas to investigate</span></li></ul></li></ul></div> </div></details></li><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>LINUX Logging and Log Analysis</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p>Section 3 looks at how to use the data logged by the operating system to profile the device and analyze boot sequences, kernel activity, logins and user events. The section covers default log data, Auditd (although this isn't enabled by default on all Linux distros, you should definitely consider turning it on) and the Operating System Journal. </p><p>Log data is a fundamental evidence source for incident response and threat hunting. It allows investigators to understand what happened and when it happened. Using built-in capabilities, we can peel back the actions of our adversaries and, with well-configured logging, make it almost impossible for an attacker to completely hide from our investigation. Unfortunately, Linux logging can be significantly different from what we are used to -- especially if we have come from a Windows DFIR background. Significant issues faced by investigators include the different ways Linux distro's log data and a mix between UTC and local timestamps. This section will look at strategies you can implement to manage and mitigate these issues.</p><h5>Exercises</h5><ul><li>System and log profiling</li><li>Reviewing system logs</li><li>Analyzing authentication logs</li><li>Reviewing webserver logs</li><li>Reviewing database logs</li><li>AuditD logs the Journal</li></ul><h5>Topics</h5><ul><li>Device Profiling<ul><li><p>Evidence management</p></li><li><span>Confirm the device</span></li><li><span>Check time zones</span></li><li><span>Validate the distro</span></li></ul></li></ul><ul><li>Linux Logs<ul><li><span>Linux logging basics</span></li><li><span>Log analysis strategies</span></li><li><span>Syslog and Logrotate</span></li><li><span>Global system logs -- logging the kernel, boot processes, system messages and background services</span></li><li><span>Authentication logs -- authentication, privilege use, binary and plain text log formats</span></li><li><span>Application logs -- webservers, databases, filesharing and firewall logs</span></li></ul></li><li><p>Auditd</p><ul><li><span>Introduction</span></li><li><span>Log file format</span></li><li><span>Analysis techniques</span></li></ul></li></ul><ul><li>The Operating System Journal<ul><li><span>Introduction</span></li><li><span>How the journal works</span></li><li><span>What gets logged</span></li><li><span>Analysis techniques</span></li></ul></li></ul></div> </div></details></li><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>Live Response and Volatile Data</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p align="left">Section 4 expands on the knowledge we have built so far and introduces tools and techniques to respond to intrusions in larger enterprises. The section starts by looking at how to scale your response and some of the tools that can assist with this. This topic is then developed further as we move into Endpoint Detection and Response (EDR) solutions for the Linux environment and introduce two alternatives to expensive commercial EDR tools -- OSSEC and Velociraptor. We'll cover how to configure and deploy both tools, enabling you to make sure that all your Linux devices have good quality monitoring and response capabilities.</p><p align="left">Finally, this section looks at Linux memory structures and how to collect volatile data for analysis. Given that this can be a complex process, and that analytical tools today are still not what they should be, we also look at using live response techniques to view this data on a target system. This has the added benefit of being something we can leverage through EDR tools, reducing the time and bandwidth required to capture memory from systems where the installed RAM could be running in the hundreds of gigabytes.</p><p></p><h5>Exercises</h5><ul><li>EDR Tools</li><li>Capturing RAM</li><li>Live memory analysis</li></ul><h5>Topics</h5><ul><li>Enterprise Response<ul><li><span>Introduction</span></li><li><span>Problems and solutions</span></li><li><span>Tools to consider</span></li></ul></li><li>Endpoint Detection and Response (EDR)<ul><li><span>Introduction</span></li><li><span>Linux EDR issues</span></li><li><span>Alternatives to commercial EDR</span></li><li><span>OSSEC deployment and use</span></li><li><span>Velociraptor deployment and use</span></li></ul></li><li>Linux Memory and DFIR<ul><li><span>Why memory matters</span></li><li><span>Memory acquisition with AVML</span></li><li><span>Memory locations on the filesystem</span></li></ul></li><li>Live memory analysis<ul><li><span>Reviewing /proc</span></li><li><span>Live response workflow</span></li></ul></li></ul></div> </div></details></li><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>Advanced Incident Response Techniques</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p align="left">This course section builds on the previous sections by looking at how we can use our increased knowledge to enhance our incident response work. We start by looking at triage, which is essential for any modern incident response, especially in large enterprises. We introduce the concept of rapidly assessing systems to make quick decisions about which devices need further investigation. This approach allows us to quickly work through large environments and focus our investigative efforts where they provide maximum value. We'll also look at freely available tools that help facilitate triage and improve response times.</p><p align="left">The section then moves to looking at timeline generation. Timelines are arguably an incident responder's superpower, allowing you to uncover some of the deepest secrets about an attack. We will look at two basic methods for building timelines and how to analyze them effectively.</p><p align="left">Once we understand the timelines, we will look at how attackers try to defeat them, then examine the most common anti-forensic techniques and how incident responders can minimize their impact on the investigation. We close the section with a broad discussion on how to make incident response in Linux better.</p><p></p><h5>Exercises</h5><ul><li>Running triage tools</li><li>Triage assessment</li><li>Filesystem timelines</li><li>Super timeline creation</li><li>Super timeline analysis</li></ul><h5>Topics</h5><ul><li>Triage and DFIR Tools<ul><li><span>Introduction and concepts</span></li><li><span>Workflow</span></li><li><span>Collecting the data</span></li><li><span>Open-source triage tools</span></li><li><span>CyLR</span></li><li><span>GRR</span></li><li><span>Velociraptor offline collectors</span></li><li><span>Dissect</span></li><li><span>Triage with UAC</span></li><li><span>Build your own triage scripts</span></li></ul></li><li>Timelines<ul><li><span>Introduction</span></li><li><span>Types of timelines</span></li><li><span>Filesystem timeline creation and analysis</span></li><li><span>Super-timeline creation and analysis</span></li><li><span>Targeted timeline creation</span></li></ul></li><li>Anti-Forensics<ul><li><span>What to look for</span></li><li><span>Timestamp manipulation</span></li><li><span>Recovering deleted files</span></li></ul></li><li>Improving Incident Response<ul><li><span>Workflows</span></li><li><span>Hardening the environment</span></li></ul></li></ul></div> </div></details></li><li itemscope itemprop="mainEntity" itemtype="https://schema.org/Question" class="tipdown-item closed" data-v-13f2113a><details data-v-13f2113a><summary itemprop="name" tabindex="0" aria-expanded="false" data-v-13f2113a><h3 class="question" data-v-13f2113a>The APT Incident Response Challenge</h3></summary> <div itemscope itemprop="acceptedAnswer" itemtype="https://schema.org/Answer" class="tipdown-item-data" data-v-13f2113a><div itemprop="text" class="answer" data-v-13f2113a><h5>Overview</h5><p>This incredibly rich and realistic Intrusion Forensic Challenge is based on a real-world advanced persistent threat (APT) group. It brings together techniques learned throughout the course and tests your newly acquired skills in a case that simulates an attack by an advanced adversary. The challenge is based on a real intrusion into a Linux enterprise environment. You will be asked to uncover how the systems were compromised in the initial intrusion, find other systems the adversary moved to laterally, and identify intellectual property stolen via data exfiltration. This capstone exercise will enable you to leave the course with hands-on experience investigating realistic attacks, curated by a cadre of instructors with decades of experience fighting advanced threats from attackers ranging from nation-states to financial crime syndicates and hactivist groups.</p><h5>Topics</h5><ul><li>Work in incident response teams to analyze multiple systems in an enterprise network</li><li>Learn to identify and track attacker actions across a multi-device environment finding initial exploitation, reconnaissance, persistence, privilege escalation, lateral movement, and data theft/exfiltration</li><li>Witness and participate in a team-based approach to incident response</li><li>Discover evidence of some of the most common and sophisticated attacks in the wild, including custom nation-state malware.</li><li>Each team will be asked to answer key questions, just as they would during a real breach in their organizations, in critical areas outlined below:</li></ul><h6>Identification and Scoping:</h6><ul><li>When did the APT group breach our network?</li><li>How did the attackers get into the environment?</li><li>What systems were compromised?</li><li>What accounts and privileges did the attackers attain on each system?</li><li>When and how did the attackers first laterally move to each system?</li></ul><h6>Containment and Threat Intelligence Gathering:</h6><ul><li>Once on other systems, what did the attackers look for on each system?</li><li>What data was exfiltrated and how? Determine what was stolen (recover any archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data) and perform damage assessments.</li><li>Collect and list all malware used in the attack.</li><li>Develop and present security intelligence or an indicator of compromise for the APT group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?</li></ul><h6>Remediation and Recovery:</h6><ul><li>What accounts need password changes? Did any malicious accounts get created?</li><li>Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?<ul><li><span>What systems need to be rebuilt?</span></li><li><span>What IP addresses need to be blocked?</span></li><li><span>What countermeasures should we deploy to slow or stop these attackers if they come back?</span></li><li><span>What recommendations would you make to detect these intruders in our network again?</span></li></ul></li></ul></div> </div></details></li></ul></div>  <div class="section" data-v-daec289e data-v-1605a5f6><h2 id="prereqs" class="section-header" data-v-1605a5f6> Prerequisites </h2> <div data-v-daec289e data-v-1605a5f6><p align="left">FOR577 is an advanced incident response course that focuses on the Linux operating system. We do not cover basic forensic techniques or introductory attacker techniques. Students are not expected to have detailed understanding of Linux, but it is strongly recommended that they have at least the level of knowledge provided by the SANS SEC401 or SEC406 courses.</p></div></div> <div class="section" data-v-daec289e data-v-1605a5f6><h2 id="laptop-requirements" class="section-header" data-v-1605a5f6> Laptop Requirements </h2> <div data-v-daec289e data-v-1605a5f6><h5>Important - Bring Your System Configured Using These Directions</h5><p>A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.</p><p>As a summary, you can use any operating system that also can install and run VMware virtualization products. <strong>Please note, macOS computers with M1/M2/M3 chips are not currently supported and cannot run the virtual machines provided for this course.</strong></p><p>Please download and install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/fusion.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> or higher versions on your system before the start of the class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.</p><p>This is common sense, but we will say it anyway: Back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.</p><h5>Mandatory FOR577 System Hardware Requirements:</h5><ul><li>CPU: 64-bit Intel i5/i7 x64 2.0+ GHz (4th generation or above) processor or higher-based system is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)</li><li><strong>CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.</strong></li><li>BIOS settings must be set to enable virtualization technology, such as "Intel-VT." Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.</li><li>16 GB of RAM or more is required.</li><li>350GB of free storage space or more is required.</li><li><span></span>At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.</li><li><span>Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Local Administrator Access is required. This is absolutely required. Don't let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>Local Administrator Access is required. This is absolutely required. Don't let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>PLEASE NOTE: Do NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide a custom FOR577 version specifically configured for training on Day 1 of the course.</span></li></ul><h5>Mandatory FOR577 System Software Requirements (Please install the following before the beginning of the class):</h5><ol><li>Install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> (or a higher version)</li><li>Download and install <a href="https://7-zip.org/" target="_blank" rel="nofollow" class="external-link">7Zip</a> on your host.</li></ol><p><strong>Additional notes:</strong></p><ul><li>Your course media is delivered via download from the SANS "Course Material Downloads" page. The media files for class will be large, in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speeds vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.</li><li>SANS has begun providing printed materials in PDF form. This course uses an electronic workbook in addition to the PDFs. We have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.</li><li>Bring/install any other forensic tool you feel could be useful (EnCase, FTK, etc.). For the final challenge at the end of the course, you can utilize any forensic tool, including commercial capabilities. If you have any dongles, licensed software, you are free to use them.</li><li>Again, DO NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide you with a version specifically configured for the FOR577 materials on Day 1 of the course.</li></ul><p>If you have additional questions about the laptop specifications, please contact <a href="https://www.sans.org/about/contact/" target="_self">customer service</a>.</p></div></div> <div class="section" data-v-daec289e data-v-1605a5f6><h2 id="author-statement" class="section-header" data-v-1605a5f6> Author Statement </h2> <div data-v-daec289e data-v-1605a5f6><p>"Linux is a mainstream operating system found in almost every enterprise. It is used to host critical services and store sensitive personal and financial data, and it powers the underlying infrastructure we use on a day-to-day basis, making it a high-value target for our adversaries. Additionally, there is often a perception that Linux is 'more secure' than other operating systems, which results in less thorough security tool coverage. These two elements combine to make Linux intrusions both increasingly common and harder for our Security Operations Center/Incident Response teams to fully respond to. In one recent incident, attackers installed a persistence mechanism in a company's firewall that remained undiscovered during Windows-focused response and remediation activities.</p><p>"All cybersecurity defenders need to have the knowledge to deal with attacks on every platform in our environments. This means it is essential to understand how to collect and analyze digital evidence from Linux systems to determine the extent of the damage and identify the root cause of an incident. By analyzing the digital evidence, defenders can identify indicators of compromise and determine the tools, techniques, and processes used by the attacker. This information can be used to develop countermeasures and prevent similar attacks from occurring in the future." </p><p>-Taz Wake</p></div></div></div> <div class="sidebar" data-v-daec289e data-v-1605a5f6><div data-v-daec289e data-v-1605a5f6><div class="ways-to-learn section-header vertical" data-v-0bf4ae89 data-v-1605a5f6><h4 class="heading" data-v-0bf4ae89> Ways to Learn </h4> <div class="wrapper" data-v-0bf4ae89><div data-v-0f3311cb data-v-0bf4ae89><div class="info-list" data-v-73b12a86 data-v-0f3311cb><ul data-v-73b12a86><li data-v-73b12a86><i class="fa fa-on-demand" data-v-73b12a86></i> <span data-v-73b12a86>OnDemand</span></li></ul></div> <p class="text paragraph" data-v-0f3311cb>Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.</p>  <a class="scroll-link" data-v-0f3311cb>Register Now</a></div><div data-v-0f3311cb data-v-0bf4ae89><div class="info-list" data-v-73b12a86 data-v-0f3311cb><ul data-v-73b12a86><li data-v-73b12a86><i class="fa fa-live-online" data-v-73b12a86></i> <span data-v-73b12a86>Live Online</span></li></ul></div> <p class="text paragraph" data-v-0f3311cb>The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch. </p>  <a class="scroll-link" data-v-0f3311cb>View Available Dates & Time Zones</a></div><div data-v-0f3311cb data-v-0bf4ae89><div class="info-list" data-v-73b12a86 data-v-0f3311cb><ul data-v-73b12a86><li data-v-73b12a86><i class="fa fa-in-person" data-v-73b12a86></i> <span data-v-73b12a86>In Person <span>(6 days)</span></span></li></ul></div> <p class="text paragraph" data-v-0f3311cb>Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings. </p>  <a class="scroll-link" data-v-0f3311cb>View Available Dates & Locations</a></div></div></div></div>  <div data-v-daec289e data-v-1605a5f6><h4 class="section-header" data-v-1605a5f6> Who Should Attend FOR577? </h4> <div class="who-should-attend" data-v-daec289e data-v-1605a5f6><ul><li>Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised Linux systems found in most enterprises today</li></ul><ul><li>Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft</li><li>Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of Linux incident response techniques and the unusual situations this operating system can create</li><li>Experienced Security Operations Center Analysts who want to expand their understanding of how to examine attacker activity on Linux platforms.</li><li>Information Security Professionals who may encounter data breach incidents and intrusions on Linux platforms</li><li>Federal Agents and Law Enforcement Professionals who want to master analysis of adversary behavior on Linux-based operating systems</li><li>Red Team Members, Penetration Testers, and Exploit Developers who want to learn how their opponents can identify their actions, how common mistakes can compromise operations on remote systems, and how to avoid those mistakes. This course covers remote system forensics and data collection techniques that can be easily integrated into post-exploit operating procedures and exploit-testing batteries.</li><li>SANS SEC401, SEC450, SEC504 and SEC500 Graduates looking to take their skills to the next level.</li><li>SANS SEC508 Graduates looking to learn how to adapt their skills to a different operating system.</li></ul></div> <a href="/cyber-security-courses/linux-threat-hunting-incident-response#prereqs" class="tertiary-button button--small button--light" data-v-e15d47ba data-v-1605a5f6> See prerequisites </a></div> <div data-v-daec289e data-v-1605a5f6><h4 class="section-header" style="margin:0" data-v-1605a5f6>Need to justify a training request to your manager?</h4> <p class="paragraph" data-v-1605a5f6> Use this justification letter template to share the key details of this training and certification opportunity with your boss. </p> <a href="https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt34981ff64188901a/660683e518980f44f7201995/SANS_Justify_Training_FOR577.docx" class="button button--large button--light button--primary" data-v-5041ef13 data-v-1605a5f6> Download the Letter </a></div> </div></div></main>   <div class="post-content" data-v-daec289e> <a id="training-and-pricing" class="sticky-anchor" data-v-daec289e data-v-1605a5f6></a>  <div id="register-now" class="centered dynamic-listing" data-v-1e5fb90a data-v-1605a5f6><div class="search-container" data-v-7da86b79 data-v-1e5fb90a><div class="sidebar" data-v-7da86b79><div class="view-wrapper" data-v-7da86b79 data-v-1e5fb90a><div id="timezone-wrapper" onchange="function onChange(n){return _this9.applyTimezone(n)}" class="select light large" data-v-1b4c0987 data-v-1e5fb90a><div class="wrp" data-v-1b4c0987><label for="timezone" class="label" data-v-1b4c0987>Display times in</label> <div class="combo-wrap" data-v-1b4c0987><div class="combo-wrap-inner" data-v-1b4c0987><input id="timezone" placeholder="Select timezone" autocomplete="chrome-off" value="Africa/Abidjan" class="combobox" data-v-1b4c0987> <div class="listbox listbox-for-timezone" data-v-1b4c0987><div data-optvalue="Africa/Abidjan" class="option" data-v-1b4c0987> Africa/Abidjan </div><div data-optvalue="Africa/Accra" class="option" data-v-1b4c0987> Africa/Accra </div><div data-optvalue="Africa/Addis_Ababa" class="option" data-v-1b4c0987> Africa/Addis Ababa </div><div data-optvalue="Africa/Algiers" class="option" data-v-1b4c0987> Africa/Algiers </div><div data-optvalue="Africa/Asmara" class="option" data-v-1b4c0987> Africa/Asmara </div><div data-optvalue="Africa/Asmera" class="option" data-v-1b4c0987> Africa/Asmera </div><div data-optvalue="Africa/Bamako" class="option" data-v-1b4c0987> Africa/Bamako </div><div data-optvalue="Africa/Bangui" class="option" data-v-1b4c0987> Africa/Bangui </div><div data-optvalue="Africa/Banjul" class="option" data-v-1b4c0987> Africa/Banjul </div><div data-optvalue="Africa/Bissau" class="option" data-v-1b4c0987> Africa/Bissau </div><div data-optvalue="Africa/Blantyre" class="option" data-v-1b4c0987> Africa/Blantyre </div><div data-optvalue="Africa/Brazzaville" class="option" data-v-1b4c0987> Africa/Brazzaville </div><div data-optvalue="Africa/Bujumbura" class="option" data-v-1b4c0987> Africa/Bujumbura </div><div data-optvalue="Africa/Cairo" class="option" data-v-1b4c0987> Africa/Cairo </div><div data-optvalue="Africa/Casablanca" class="option" data-v-1b4c0987> Africa/Casablanca </div><div data-optvalue="Africa/Ceuta" class="option" data-v-1b4c0987> Africa/Ceuta </div><div data-optvalue="Africa/Conakry" class="option" data-v-1b4c0987> Africa/Conakry </div><div data-optvalue="Africa/Dakar" class="option" data-v-1b4c0987> Africa/Dakar </div><div data-optvalue="Africa/Dar_es_Salaam" class="option" data-v-1b4c0987> Africa/Dar es Salaam </div><div data-optvalue="Africa/Djibouti" class="option" data-v-1b4c0987> Africa/Djibouti </div><div data-optvalue="Africa/Douala" class="option" data-v-1b4c0987> Africa/Douala </div><div data-optvalue="Africa/El_Aaiun" class="option" data-v-1b4c0987> Africa/El Aaiun </div><div data-optvalue="Africa/Freetown" class="option" data-v-1b4c0987> Africa/Freetown </div><div data-optvalue="Africa/Gaborone" class="option" data-v-1b4c0987> Africa/Gaborone </div><div data-optvalue="Africa/Harare" class="option" data-v-1b4c0987> Africa/Harare </div><div data-optvalue="Africa/Johannesburg" class="option" data-v-1b4c0987> Africa/Johannesburg </div><div data-optvalue="Africa/Juba" class="option" data-v-1b4c0987> Africa/Juba </div><div data-optvalue="Africa/Kampala" class="option" data-v-1b4c0987> Africa/Kampala </div><div data-optvalue="Africa/Khartoum" class="option" data-v-1b4c0987> Africa/Khartoum </div><div data-optvalue="Africa/Kigali" class="option" data-v-1b4c0987> Africa/Kigali </div><div data-optvalue="Africa/Kinshasa" class="option" data-v-1b4c0987> Africa/Kinshasa </div><div data-optvalue="Africa/Lagos" class="option" data-v-1b4c0987> Africa/Lagos </div><div data-optvalue="Africa/Libreville" class="option" data-v-1b4c0987> Africa/Libreville </div><div data-optvalue="Africa/Lome" class="option" data-v-1b4c0987> Africa/Lome </div><div data-optvalue="Africa/Luanda" class="option" data-v-1b4c0987> Africa/Luanda </div><div data-optvalue="Africa/Lubumbashi" class="option" data-v-1b4c0987> Africa/Lubumbashi </div><div data-optvalue="Africa/Lusaka" class="option" data-v-1b4c0987> Africa/Lusaka </div><div data-optvalue="Africa/Malabo" class="option" data-v-1b4c0987> Africa/Malabo </div><div data-optvalue="Africa/Maputo" class="option" data-v-1b4c0987> Africa/Maputo </div><div data-optvalue="Africa/Maseru" class="option" data-v-1b4c0987> Africa/Maseru </div><div data-optvalue="Africa/Mbabane" class="option" data-v-1b4c0987> Africa/Mbabane </div><div data-optvalue="Africa/Mogadishu" class="option" data-v-1b4c0987> Africa/Mogadishu </div><div data-optvalue="Africa/Monrovia" class="option" data-v-1b4c0987> Africa/Monrovia </div><div data-optvalue="Africa/Nairobi" class="option" data-v-1b4c0987> Africa/Nairobi </div><div data-optvalue="Africa/Ndjamena" class="option" data-v-1b4c0987> Africa/Ndjamena </div><div data-optvalue="Africa/Niamey" class="option" data-v-1b4c0987> Africa/Niamey </div><div data-optvalue="Africa/Nouakchott" class="option" data-v-1b4c0987> Africa/Nouakchott </div><div data-optvalue="Africa/Ouagadougou" class="option" data-v-1b4c0987> Africa/Ouagadougou </div><div data-optvalue="Africa/Porto-Novo" class="option" data-v-1b4c0987> Africa/Porto-Novo </div><div data-optvalue="Africa/Sao_Tome" class="option" data-v-1b4c0987> Africa/Sao Tome </div><div data-optvalue="Africa/Timbuktu" class="option" data-v-1b4c0987> Africa/Timbuktu </div><div data-optvalue="Africa/Tripoli" class="option" data-v-1b4c0987> Africa/Tripoli </div><div data-optvalue="Africa/Tunis" class="option" data-v-1b4c0987> Africa/Tunis </div><div data-optvalue="Africa/Windhoek" class="option" data-v-1b4c0987> Africa/Windhoek </div><div data-optvalue="America/Adak" class="option" data-v-1b4c0987> America/Adak </div><div data-optvalue="America/Anchorage" class="option" data-v-1b4c0987> America/Anchorage </div><div data-optvalue="America/Anguilla" class="option" data-v-1b4c0987> America/Anguilla </div><div data-optvalue="America/Antigua" class="option" data-v-1b4c0987> America/Antigua </div><div data-optvalue="America/Araguaina" class="option" data-v-1b4c0987> America/Araguaina </div><div data-optvalue="America/Argentina/Buenos_Aires" class="option" data-v-1b4c0987> America/Argentina/Buenos Aires </div><div data-optvalue="America/Argentina/Catamarca" class="option" data-v-1b4c0987> America/Argentina/Catamarca </div><div data-optvalue="America/Argentina/ComodRivadavia" class="option" data-v-1b4c0987> America/Argentina/ComodRivadavia </div><div data-optvalue="America/Argentina/Cordoba" class="option" data-v-1b4c0987> America/Argentina/Cordoba </div><div data-optvalue="America/Argentina/Jujuy" class="option" data-v-1b4c0987> America/Argentina/Jujuy </div><div data-optvalue="America/Argentina/La_Rioja" class="option" data-v-1b4c0987> America/Argentina/La Rioja </div><div data-optvalue="America/Argentina/Mendoza" class="option" data-v-1b4c0987> America/Argentina/Mendoza </div><div data-optvalue="America/Argentina/Rio_Gallegos" class="option" data-v-1b4c0987> America/Argentina/Rio Gallegos </div><div data-optvalue="America/Argentina/Salta" class="option" data-v-1b4c0987> America/Argentina/Salta </div><div data-optvalue="America/Argentina/San_Juan" class="option" data-v-1b4c0987> America/Argentina/San Juan </div><div data-optvalue="America/Argentina/San_Luis" class="option" data-v-1b4c0987> America/Argentina/San Luis </div><div data-optvalue="America/Argentina/Tucuman" class="option" data-v-1b4c0987> America/Argentina/Tucuman </div><div data-optvalue="America/Argentina/Ushuaia" class="option" data-v-1b4c0987> America/Argentina/Ushuaia </div><div data-optvalue="America/Aruba" class="option" data-v-1b4c0987> America/Aruba </div><div data-optvalue="America/Asuncion" class="option" data-v-1b4c0987> America/Asuncion </div><div data-optvalue="America/Atikokan" class="option" data-v-1b4c0987> America/Atikokan </div><div data-optvalue="America/Atka" class="option" data-v-1b4c0987> America/Atka </div><div data-optvalue="America/Bahia" class="option" data-v-1b4c0987> America/Bahia </div><div data-optvalue="America/Bahia_Banderas" class="option" data-v-1b4c0987> America/Bahia Banderas </div><div data-optvalue="America/Barbados" class="option" data-v-1b4c0987> America/Barbados </div><div data-optvalue="America/Belem" class="option" data-v-1b4c0987> America/Belem </div><div data-optvalue="America/Belize" class="option" data-v-1b4c0987> America/Belize </div><div data-optvalue="America/Blanc-Sablon" class="option" data-v-1b4c0987> America/Blanc-Sablon </div><div data-optvalue="America/Boa_Vista" class="option" data-v-1b4c0987> America/Boa Vista </div><div data-optvalue="America/Bogota" class="option" data-v-1b4c0987> America/Bogota </div><div data-optvalue="America/Boise" class="option" data-v-1b4c0987> America/Boise </div><div data-optvalue="America/Buenos_Aires" class="option" data-v-1b4c0987> America/Buenos Aires </div><div data-optvalue="America/Cambridge_Bay" class="option" data-v-1b4c0987> America/Cambridge Bay </div><div data-optvalue="America/Campo_Grande" class="option" data-v-1b4c0987> America/Campo Grande </div><div data-optvalue="America/Cancun" class="option" data-v-1b4c0987> America/Cancun </div><div data-optvalue="America/Caracas" class="option" data-v-1b4c0987> America/Caracas </div><div data-optvalue="America/Catamarca" class="option" data-v-1b4c0987> America/Catamarca </div><div data-optvalue="America/Cayenne" class="option" data-v-1b4c0987> America/Cayenne </div><div data-optvalue="America/Cayman" class="option" data-v-1b4c0987> America/Cayman </div><div data-optvalue="America/Chicago" class="option" data-v-1b4c0987> America/Chicago </div><div data-optvalue="America/Chihuahua" class="option" data-v-1b4c0987> America/Chihuahua </div><div data-optvalue="America/Ciudad_Juarez" class="option" data-v-1b4c0987> America/Ciudad Juarez </div><div data-optvalue="America/Coral_Harbour" class="option" data-v-1b4c0987> America/Coral Harbour </div><div data-optvalue="America/Cordoba" class="option" data-v-1b4c0987> America/Cordoba </div><div data-optvalue="America/Costa_Rica" class="option" data-v-1b4c0987> America/Costa Rica </div><div data-optvalue="America/Creston" class="option" data-v-1b4c0987> America/Creston </div><div data-optvalue="America/Cuiaba" class="option" data-v-1b4c0987> America/Cuiaba </div><div data-optvalue="America/Curacao" class="option" data-v-1b4c0987> America/Curacao </div><div data-optvalue="America/Danmarkshavn" class="option" data-v-1b4c0987> America/Danmarkshavn </div><div data-optvalue="America/Dawson" class="option" data-v-1b4c0987> America/Dawson </div><div data-optvalue="America/Dawson_Creek" class="option" data-v-1b4c0987> America/Dawson Creek </div><div data-optvalue="America/Denver" class="option" data-v-1b4c0987> America/Denver </div><div data-optvalue="America/Detroit" class="option" data-v-1b4c0987> America/Detroit </div><div data-optvalue="America/Dominica" class="option" data-v-1b4c0987> America/Dominica </div><div data-optvalue="America/Edmonton" class="option" data-v-1b4c0987> America/Edmonton </div><div data-optvalue="America/Eirunepe" class="option" data-v-1b4c0987> America/Eirunepe </div><div data-optvalue="America/El_Salvador" class="option" data-v-1b4c0987> America/El Salvador </div><div data-optvalue="America/Ensenada" class="option" data-v-1b4c0987> America/Ensenada </div><div data-optvalue="America/Fort_Nelson" class="option" data-v-1b4c0987> America/Fort Nelson </div><div data-optvalue="America/Fort_Wayne" class="option" data-v-1b4c0987> America/Fort Wayne </div><div data-optvalue="America/Fortaleza" class="option" data-v-1b4c0987> America/Fortaleza </div><div data-optvalue="America/Glace_Bay" class="option" data-v-1b4c0987> America/Glace Bay </div><div data-optvalue="America/Godthab" class="option" data-v-1b4c0987> America/Godthab </div><div data-optvalue="America/Goose_Bay" class="option" data-v-1b4c0987> America/Goose Bay </div><div data-optvalue="America/Grand_Turk" class="option" data-v-1b4c0987> America/Grand Turk </div><div data-optvalue="America/Grenada" class="option" data-v-1b4c0987> America/Grenada </div><div data-optvalue="America/Guadeloupe" class="option" data-v-1b4c0987> America/Guadeloupe </div><div data-optvalue="America/Guatemala" class="option" data-v-1b4c0987> America/Guatemala </div><div data-optvalue="America/Guayaquil" class="option" data-v-1b4c0987> America/Guayaquil </div><div data-optvalue="America/Guyana" class="option" data-v-1b4c0987> America/Guyana </div><div data-optvalue="America/Halifax" class="option" data-v-1b4c0987> America/Halifax </div><div data-optvalue="America/Havana" class="option" data-v-1b4c0987> America/Havana </div><div data-optvalue="America/Hermosillo" class="option" data-v-1b4c0987> America/Hermosillo </div><div data-optvalue="America/Indiana/Indianapolis" class="option" data-v-1b4c0987> America/Indiana/Indianapolis </div><div data-optvalue="America/Indiana/Knox" class="option" data-v-1b4c0987> America/Indiana/Knox </div><div data-optvalue="America/Indiana/Marengo" class="option" data-v-1b4c0987> America/Indiana/Marengo </div><div data-optvalue="America/Indiana/Petersburg" class="option" data-v-1b4c0987> America/Indiana/Petersburg </div><div data-optvalue="America/Indiana/Tell_City" class="option" data-v-1b4c0987> America/Indiana/Tell City </div><div data-optvalue="America/Indiana/Vevay" class="option" data-v-1b4c0987> America/Indiana/Vevay </div><div data-optvalue="America/Indiana/Vincennes" class="option" data-v-1b4c0987> America/Indiana/Vincennes </div><div data-optvalue="America/Indiana/Winamac" class="option" data-v-1b4c0987> America/Indiana/Winamac </div><div data-optvalue="America/Indianapolis" class="option" data-v-1b4c0987> America/Indianapolis </div><div data-optvalue="America/Inuvik" class="option" data-v-1b4c0987> America/Inuvik </div><div data-optvalue="America/Iqaluit" class="option" data-v-1b4c0987> America/Iqaluit </div><div data-optvalue="America/Jamaica" class="option" data-v-1b4c0987> America/Jamaica </div><div data-optvalue="America/Jujuy" class="option" data-v-1b4c0987> America/Jujuy </div><div data-optvalue="America/Juneau" class="option" data-v-1b4c0987> America/Juneau </div><div data-optvalue="America/Kentucky/Louisville" class="option" data-v-1b4c0987> America/Kentucky/Louisville </div><div data-optvalue="America/Kentucky/Monticello" class="option" data-v-1b4c0987> America/Kentucky/Monticello </div><div data-optvalue="America/Knox_IN" class="option" data-v-1b4c0987> America/Knox IN </div><div data-optvalue="America/Kralendijk" class="option" data-v-1b4c0987> America/Kralendijk </div><div data-optvalue="America/La_Paz" class="option" data-v-1b4c0987> America/La Paz </div><div data-optvalue="America/Lima" class="option" data-v-1b4c0987> America/Lima </div><div data-optvalue="America/Los_Angeles" class="option" data-v-1b4c0987> America/Los Angeles </div><div data-optvalue="America/Louisville" class="option" data-v-1b4c0987> America/Louisville </div><div data-optvalue="America/Lower_Princes" class="option" data-v-1b4c0987> America/Lower Princes </div><div data-optvalue="America/Maceio" class="option" data-v-1b4c0987> America/Maceio </div><div data-optvalue="America/Managua" class="option" data-v-1b4c0987> America/Managua </div><div data-optvalue="America/Manaus" class="option" data-v-1b4c0987> America/Manaus </div><div data-optvalue="America/Marigot" class="option" data-v-1b4c0987> America/Marigot </div><div data-optvalue="America/Martinique" class="option" data-v-1b4c0987> America/Martinique </div><div data-optvalue="America/Matamoros" class="option" data-v-1b4c0987> America/Matamoros </div><div data-optvalue="America/Mazatlan" class="option" data-v-1b4c0987> America/Mazatlan </div><div data-optvalue="America/Mendoza" class="option" data-v-1b4c0987> America/Mendoza </div><div data-optvalue="America/Menominee" class="option" data-v-1b4c0987> America/Menominee </div><div data-optvalue="America/Merida" class="option" data-v-1b4c0987> America/Merida </div><div data-optvalue="America/Metlakatla" class="option" data-v-1b4c0987> America/Metlakatla </div><div data-optvalue="America/Mexico_City" class="option" data-v-1b4c0987> America/Mexico City </div><div data-optvalue="America/Miquelon" class="option" data-v-1b4c0987> America/Miquelon </div><div data-optvalue="America/Moncton" class="option" data-v-1b4c0987> America/Moncton </div><div data-optvalue="America/Monterrey" class="option" data-v-1b4c0987> America/Monterrey </div><div data-optvalue="America/Montevideo" class="option" data-v-1b4c0987> America/Montevideo </div><div data-optvalue="America/Montreal" class="option" data-v-1b4c0987> America/Montreal </div><div data-optvalue="America/Montserrat" class="option" data-v-1b4c0987> America/Montserrat </div><div data-optvalue="America/Nassau" class="option" data-v-1b4c0987> America/Nassau </div><div data-optvalue="America/New_York" class="option" data-v-1b4c0987> America/New York </div><div data-optvalue="America/Nipigon" class="option" data-v-1b4c0987> America/Nipigon </div><div data-optvalue="America/Nome" class="option" data-v-1b4c0987> America/Nome </div><div data-optvalue="America/Noronha" class="option" data-v-1b4c0987> America/Noronha </div><div data-optvalue="America/North_Dakota/Beulah" class="option" data-v-1b4c0987> America/North Dakota/Beulah </div><div data-optvalue="America/North_Dakota/Center" class="option" data-v-1b4c0987> America/North Dakota/Center </div><div data-optvalue="America/North_Dakota/New_Salem" class="option" data-v-1b4c0987> America/North Dakota/New Salem </div><div data-optvalue="America/Nuuk" class="option" data-v-1b4c0987> America/Nuuk </div><div data-optvalue="America/Ojinaga" class="option" data-v-1b4c0987> America/Ojinaga </div><div data-optvalue="America/Panama" class="option" data-v-1b4c0987> America/Panama </div><div data-optvalue="America/Pangnirtung" class="option" data-v-1b4c0987> America/Pangnirtung </div><div data-optvalue="America/Paramaribo" class="option" data-v-1b4c0987> America/Paramaribo </div><div data-optvalue="America/Phoenix" class="option" data-v-1b4c0987> America/Phoenix </div><div data-optvalue="America/Port-au-Prince" class="option" data-v-1b4c0987> America/Port-au-Prince </div><div data-optvalue="America/Port_of_Spain" class="option" data-v-1b4c0987> America/Port of Spain </div><div data-optvalue="America/Porto_Acre" class="option" data-v-1b4c0987> America/Porto Acre </div><div data-optvalue="America/Porto_Velho" class="option" data-v-1b4c0987> America/Porto Velho </div><div data-optvalue="America/Puerto_Rico" class="option" data-v-1b4c0987> America/Puerto Rico </div><div data-optvalue="America/Punta_Arenas" class="option" data-v-1b4c0987> America/Punta Arenas </div><div data-optvalue="America/Rainy_River" class="option" data-v-1b4c0987> America/Rainy River </div><div data-optvalue="America/Rankin_Inlet" class="option" data-v-1b4c0987> America/Rankin Inlet </div><div data-optvalue="America/Recife" class="option" data-v-1b4c0987> America/Recife </div><div data-optvalue="America/Regina" class="option" data-v-1b4c0987> America/Regina </div><div data-optvalue="America/Resolute" class="option" data-v-1b4c0987> America/Resolute </div><div data-optvalue="America/Rio_Branco" class="option" data-v-1b4c0987> America/Rio Branco </div><div data-optvalue="America/Rosario" class="option" data-v-1b4c0987> America/Rosario </div><div data-optvalue="America/Santa_Isabel" class="option" data-v-1b4c0987> America/Santa Isabel </div><div data-optvalue="America/Santarem" class="option" data-v-1b4c0987> America/Santarem </div><div data-optvalue="America/Santiago" class="option" data-v-1b4c0987> America/Santiago </div><div data-optvalue="America/Santo_Domingo" class="option" data-v-1b4c0987> America/Santo Domingo </div><div data-optvalue="America/Sao_Paulo" class="option" data-v-1b4c0987> America/Sao Paulo </div><div data-optvalue="America/Scoresbysund" class="option" data-v-1b4c0987> America/Scoresbysund </div><div data-optvalue="America/Shiprock" class="option" data-v-1b4c0987> America/Shiprock </div><div data-optvalue="America/Sitka" class="option" data-v-1b4c0987> America/Sitka </div><div data-optvalue="America/St_Barthelemy" class="option" data-v-1b4c0987> America/St Barthelemy </div><div data-optvalue="America/St_Johns" class="option" data-v-1b4c0987> America/St Johns </div><div data-optvalue="America/St_Kitts" class="option" data-v-1b4c0987> America/St Kitts </div><div data-optvalue="America/St_Lucia" class="option" data-v-1b4c0987> America/St Lucia </div><div data-optvalue="America/St_Thomas" class="option" data-v-1b4c0987> America/St Thomas </div><div data-optvalue="America/St_Vincent" class="option" data-v-1b4c0987> America/St Vincent </div><div data-optvalue="America/Swift_Current" class="option" data-v-1b4c0987> America/Swift Current </div><div data-optvalue="America/Tegucigalpa" class="option" data-v-1b4c0987> America/Tegucigalpa </div><div data-optvalue="America/Thule" class="option" data-v-1b4c0987> America/Thule </div><div data-optvalue="America/Thunder_Bay" class="option" data-v-1b4c0987> America/Thunder Bay </div><div data-optvalue="America/Tijuana" class="option" data-v-1b4c0987> America/Tijuana </div><div data-optvalue="America/Toronto" class="option" data-v-1b4c0987> America/Toronto </div><div data-optvalue="America/Tortola" class="option" data-v-1b4c0987> America/Tortola </div><div data-optvalue="America/Vancouver" class="option" data-v-1b4c0987> America/Vancouver </div><div data-optvalue="America/Virgin" class="option" data-v-1b4c0987> America/Virgin </div><div data-optvalue="America/Whitehorse" class="option" data-v-1b4c0987> America/Whitehorse </div><div data-optvalue="America/Winnipeg" class="option" data-v-1b4c0987> America/Winnipeg </div><div data-optvalue="America/Yakutat" class="option" data-v-1b4c0987> America/Yakutat </div><div data-optvalue="America/Yellowknife" class="option" data-v-1b4c0987> America/Yellowknife </div><div data-optvalue="Antarctica/Casey" class="option" data-v-1b4c0987> Antarctica/Casey </div><div data-optvalue="Antarctica/Davis" class="option" data-v-1b4c0987> Antarctica/Davis </div><div data-optvalue="Antarctica/DumontDUrville" class="option" data-v-1b4c0987> Antarctica/DumontDUrville </div><div data-optvalue="Antarctica/Macquarie" class="option" data-v-1b4c0987> Antarctica/Macquarie </div><div data-optvalue="Antarctica/Mawson" class="option" data-v-1b4c0987> Antarctica/Mawson </div><div data-optvalue="Antarctica/McMurdo" class="option" data-v-1b4c0987> Antarctica/McMurdo </div><div data-optvalue="Antarctica/Palmer" class="option" data-v-1b4c0987> Antarctica/Palmer </div><div data-optvalue="Antarctica/Rothera" class="option" data-v-1b4c0987> Antarctica/Rothera </div><div data-optvalue="Antarctica/South_Pole" class="option" data-v-1b4c0987> Antarctica/South Pole </div><div data-optvalue="Antarctica/Syowa" class="option" data-v-1b4c0987> Antarctica/Syowa </div><div data-optvalue="Antarctica/Troll" class="option" data-v-1b4c0987> Antarctica/Troll </div><div data-optvalue="Antarctica/Vostok" class="option" data-v-1b4c0987> Antarctica/Vostok </div><div data-optvalue="Arctic/Longyearbyen" class="option" data-v-1b4c0987> Arctic/Longyearbyen </div><div data-optvalue="Asia/Aden" class="option" data-v-1b4c0987> Asia/Aden </div><div data-optvalue="Asia/Almaty" class="option" data-v-1b4c0987> Asia/Almaty </div><div data-optvalue="Asia/Amman" class="option" data-v-1b4c0987> Asia/Amman </div><div data-optvalue="Asia/Anadyr" class="option" data-v-1b4c0987> Asia/Anadyr </div><div data-optvalue="Asia/Aqtau" class="option" data-v-1b4c0987> Asia/Aqtau </div><div data-optvalue="Asia/Aqtobe" class="option" data-v-1b4c0987> Asia/Aqtobe </div><div data-optvalue="Asia/Ashgabat" class="option" data-v-1b4c0987> Asia/Ashgabat </div><div data-optvalue="Asia/Ashkhabad" class="option" data-v-1b4c0987> Asia/Ashkhabad </div><div data-optvalue="Asia/Atyrau" class="option" data-v-1b4c0987> Asia/Atyrau </div><div data-optvalue="Asia/Baghdad" class="option" data-v-1b4c0987> Asia/Baghdad </div><div data-optvalue="Asia/Bahrain" class="option" data-v-1b4c0987> Asia/Bahrain </div><div data-optvalue="Asia/Baku" class="option" data-v-1b4c0987> Asia/Baku </div><div data-optvalue="Asia/Bangkok" class="option" data-v-1b4c0987> Asia/Bangkok </div><div data-optvalue="Asia/Barnaul" class="option" data-v-1b4c0987> Asia/Barnaul </div><div data-optvalue="Asia/Beirut" class="option" data-v-1b4c0987> Asia/Beirut </div><div data-optvalue="Asia/Bishkek" class="option" data-v-1b4c0987> Asia/Bishkek </div><div data-optvalue="Asia/Brunei" class="option" data-v-1b4c0987> Asia/Brunei </div><div data-optvalue="Asia/Calcutta" class="option" data-v-1b4c0987> Asia/Calcutta </div><div data-optvalue="Asia/Chita" class="option" data-v-1b4c0987> Asia/Chita </div><div data-optvalue="Asia/Choibalsan" class="option" data-v-1b4c0987> Asia/Choibalsan </div><div data-optvalue="Asia/Chongqing" class="option" data-v-1b4c0987> Asia/Chongqing </div><div data-optvalue="Asia/Chungking" class="option" data-v-1b4c0987> Asia/Chungking </div><div data-optvalue="Asia/Colombo" class="option" data-v-1b4c0987> Asia/Colombo </div><div data-optvalue="Asia/Dacca" class="option" data-v-1b4c0987> Asia/Dacca </div><div data-optvalue="Asia/Damascus" class="option" data-v-1b4c0987> Asia/Damascus </div><div data-optvalue="Asia/Dhaka" class="option" data-v-1b4c0987> Asia/Dhaka </div><div data-optvalue="Asia/Dili" class="option" data-v-1b4c0987> Asia/Dili </div><div data-optvalue="Asia/Dubai" class="option" data-v-1b4c0987> Asia/Dubai </div><div data-optvalue="Asia/Dushanbe" class="option" data-v-1b4c0987> Asia/Dushanbe </div><div data-optvalue="Asia/Famagusta" class="option" data-v-1b4c0987> Asia/Famagusta </div><div data-optvalue="Asia/Gaza" class="option" data-v-1b4c0987> Asia/Gaza </div><div data-optvalue="Asia/Harbin" class="option" data-v-1b4c0987> Asia/Harbin </div><div data-optvalue="Asia/Hebron" class="option" data-v-1b4c0987> Asia/Hebron </div><div data-optvalue="Asia/Ho_Chi_Minh" class="option" data-v-1b4c0987> Asia/Ho Chi Minh </div><div data-optvalue="Asia/Hong_Kong" class="option" data-v-1b4c0987> Asia/Hong Kong </div><div data-optvalue="Asia/Hovd" class="option" data-v-1b4c0987> Asia/Hovd </div><div data-optvalue="Asia/Irkutsk" class="option" data-v-1b4c0987> Asia/Irkutsk </div><div data-optvalue="Asia/Istanbul" class="option" data-v-1b4c0987> Asia/Istanbul </div><div data-optvalue="Asia/Jakarta" class="option" data-v-1b4c0987> Asia/Jakarta </div><div data-optvalue="Asia/Jayapura" class="option" data-v-1b4c0987> Asia/Jayapura </div><div data-optvalue="Asia/Jerusalem" class="option" data-v-1b4c0987> Asia/Jerusalem </div><div data-optvalue="Asia/Kabul" class="option" data-v-1b4c0987> Asia/Kabul </div><div data-optvalue="Asia/Kamchatka" class="option" data-v-1b4c0987> Asia/Kamchatka </div><div data-optvalue="Asia/Karachi" class="option" data-v-1b4c0987> Asia/Karachi </div><div data-optvalue="Asia/Kashgar" class="option" data-v-1b4c0987> Asia/Kashgar </div><div data-optvalue="Asia/Kathmandu" class="option" data-v-1b4c0987> Asia/Kathmandu </div><div data-optvalue="Asia/Katmandu" class="option" data-v-1b4c0987> Asia/Katmandu </div><div data-optvalue="Asia/Khandyga" class="option" data-v-1b4c0987> Asia/Khandyga </div><div data-optvalue="Asia/Kolkata" class="option" data-v-1b4c0987> Asia/Kolkata </div><div data-optvalue="Asia/Krasnoyarsk" class="option" data-v-1b4c0987> Asia/Krasnoyarsk </div><div data-optvalue="Asia/Kuala_Lumpur" class="option" data-v-1b4c0987> Asia/Kuala Lumpur </div><div data-optvalue="Asia/Kuching" class="option" data-v-1b4c0987> Asia/Kuching </div><div data-optvalue="Asia/Kuwait" class="option" data-v-1b4c0987> Asia/Kuwait </div><div data-optvalue="Asia/Macao" class="option" data-v-1b4c0987> Asia/Macao </div><div data-optvalue="Asia/Macau" class="option" data-v-1b4c0987> Asia/Macau </div><div data-optvalue="Asia/Magadan" class="option" data-v-1b4c0987> Asia/Magadan </div><div data-optvalue="Asia/Makassar" class="option" data-v-1b4c0987> Asia/Makassar </div><div data-optvalue="Asia/Manila" class="option" data-v-1b4c0987> Asia/Manila </div><div data-optvalue="Asia/Muscat" class="option" data-v-1b4c0987> Asia/Muscat </div><div data-optvalue="Asia/Nicosia" class="option" data-v-1b4c0987> Asia/Nicosia </div><div data-optvalue="Asia/Novokuznetsk" class="option" data-v-1b4c0987> Asia/Novokuznetsk </div><div data-optvalue="Asia/Novosibirsk" class="option" data-v-1b4c0987> Asia/Novosibirsk </div><div data-optvalue="Asia/Omsk" class="option" data-v-1b4c0987> Asia/Omsk </div><div data-optvalue="Asia/Oral" class="option" data-v-1b4c0987> Asia/Oral </div><div data-optvalue="Asia/Phnom_Penh" class="option" data-v-1b4c0987> Asia/Phnom Penh </div><div data-optvalue="Asia/Pontianak" class="option" data-v-1b4c0987> Asia/Pontianak </div><div data-optvalue="Asia/Pyongyang" class="option" data-v-1b4c0987> Asia/Pyongyang </div><div data-optvalue="Asia/Qatar" class="option" data-v-1b4c0987> Asia/Qatar </div><div data-optvalue="Asia/Qostanay" class="option" data-v-1b4c0987> Asia/Qostanay </div><div data-optvalue="Asia/Qyzylorda" class="option" data-v-1b4c0987> Asia/Qyzylorda </div><div data-optvalue="Asia/Rangoon" class="option" data-v-1b4c0987> Asia/Rangoon </div><div data-optvalue="Asia/Riyadh" class="option" data-v-1b4c0987> Asia/Riyadh </div><div data-optvalue="Asia/Saigon" class="option" data-v-1b4c0987> Asia/Saigon </div><div data-optvalue="Asia/Sakhalin" class="option" data-v-1b4c0987> Asia/Sakhalin </div><div data-optvalue="Asia/Samarkand" class="option" data-v-1b4c0987> Asia/Samarkand </div><div data-optvalue="Asia/Seoul" class="option" data-v-1b4c0987> Asia/Seoul </div><div data-optvalue="Asia/Shanghai" class="option" data-v-1b4c0987> Asia/Shanghai </div><div data-optvalue="Asia/Singapore" class="option" data-v-1b4c0987> Asia/Singapore </div><div data-optvalue="Asia/Srednekolymsk" class="option" data-v-1b4c0987> Asia/Srednekolymsk </div><div data-optvalue="Asia/Taipei" class="option" data-v-1b4c0987> Asia/Taipei </div><div data-optvalue="Asia/Tashkent" class="option" data-v-1b4c0987> Asia/Tashkent </div><div data-optvalue="Asia/Tbilisi" class="option" data-v-1b4c0987> Asia/Tbilisi </div><div data-optvalue="Asia/Tehran" class="option" data-v-1b4c0987> Asia/Tehran </div><div data-optvalue="Asia/Tel_Aviv" class="option" data-v-1b4c0987> Asia/Tel Aviv </div><div data-optvalue="Asia/Thimbu" class="option" data-v-1b4c0987> Asia/Thimbu </div><div data-optvalue="Asia/Thimphu" class="option" data-v-1b4c0987> Asia/Thimphu </div><div data-optvalue="Asia/Tokyo" class="option" data-v-1b4c0987> Asia/Tokyo </div><div data-optvalue="Asia/Tomsk" class="option" data-v-1b4c0987> Asia/Tomsk </div><div data-optvalue="Asia/Ujung_Pandang" class="option" data-v-1b4c0987> Asia/Ujung Pandang </div><div data-optvalue="Asia/Ulaanbaatar" class="option" data-v-1b4c0987> Asia/Ulaanbaatar </div><div data-optvalue="Asia/Ulan_Bator" class="option" data-v-1b4c0987> Asia/Ulan Bator </div><div data-optvalue="Asia/Urumqi" class="option" data-v-1b4c0987> Asia/Urumqi </div><div data-optvalue="Asia/Ust-Nera" class="option" data-v-1b4c0987> Asia/Ust-Nera </div><div data-optvalue="Asia/Vientiane" class="option" data-v-1b4c0987> Asia/Vientiane </div><div data-optvalue="Asia/Vladivostok" class="option" data-v-1b4c0987> Asia/Vladivostok </div><div data-optvalue="Asia/Yakutsk" class="option" data-v-1b4c0987> Asia/Yakutsk </div><div data-optvalue="Asia/Yangon" class="option" data-v-1b4c0987> Asia/Yangon </div><div data-optvalue="Asia/Yekaterinburg" class="option" data-v-1b4c0987> Asia/Yekaterinburg </div><div data-optvalue="Asia/Yerevan" class="option" data-v-1b4c0987> Asia/Yerevan </div><div data-optvalue="Atlantic/Azores" class="option" data-v-1b4c0987> Atlantic/Azores </div><div data-optvalue="Atlantic/Bermuda" class="option" data-v-1b4c0987> Atlantic/Bermuda </div><div data-optvalue="Atlantic/Canary" class="option" data-v-1b4c0987> Atlantic/Canary </div><div data-optvalue="Atlantic/Cape_Verde" class="option" data-v-1b4c0987> Atlantic/Cape Verde </div><div data-optvalue="Atlantic/Faeroe" class="option" data-v-1b4c0987> Atlantic/Faeroe </div><div data-optvalue="Atlantic/Faroe" class="option" data-v-1b4c0987> Atlantic/Faroe </div><div data-optvalue="Atlantic/Jan_Mayen" class="option" data-v-1b4c0987> Atlantic/Jan Mayen </div><div data-optvalue="Atlantic/Madeira" class="option" data-v-1b4c0987> Atlantic/Madeira </div><div data-optvalue="Atlantic/Reykjavik" class="option" data-v-1b4c0987> Atlantic/Reykjavik </div><div data-optvalue="Atlantic/South_Georgia" class="option" data-v-1b4c0987> Atlantic/South Georgia </div><div data-optvalue="Atlantic/St_Helena" class="option" data-v-1b4c0987> Atlantic/St Helena </div><div data-optvalue="Atlantic/Stanley" class="option" data-v-1b4c0987> Atlantic/Stanley </div><div data-optvalue="Australia/ACT" class="option" data-v-1b4c0987> Australia/ACT </div><div data-optvalue="Australia/Adelaide" class="option" data-v-1b4c0987> Australia/Adelaide </div><div data-optvalue="Australia/Brisbane" class="option" data-v-1b4c0987> Australia/Brisbane </div><div data-optvalue="Australia/Broken_Hill" class="option" data-v-1b4c0987> Australia/Broken Hill </div><div data-optvalue="Australia/Canberra" class="option" data-v-1b4c0987> Australia/Canberra </div><div data-optvalue="Australia/Currie" class="option" data-v-1b4c0987> Australia/Currie </div><div data-optvalue="Australia/Darwin" class="option" data-v-1b4c0987> Australia/Darwin </div><div data-optvalue="Australia/Eucla" class="option" data-v-1b4c0987> Australia/Eucla </div><div data-optvalue="Australia/Hobart" class="option" data-v-1b4c0987> Australia/Hobart </div><div data-optvalue="Australia/LHI" class="option" data-v-1b4c0987> Australia/LHI </div><div data-optvalue="Australia/Lindeman" class="option" data-v-1b4c0987> Australia/Lindeman </div><div data-optvalue="Australia/Lord_Howe" class="option" data-v-1b4c0987> Australia/Lord Howe </div><div data-optvalue="Australia/Melbourne" class="option" data-v-1b4c0987> Australia/Melbourne </div><div data-optvalue="Australia/NSW" class="option" data-v-1b4c0987> Australia/NSW </div><div data-optvalue="Australia/North" class="option" data-v-1b4c0987> Australia/North </div><div data-optvalue="Australia/Perth" class="option" data-v-1b4c0987> Australia/Perth </div><div data-optvalue="Australia/Queensland" class="option" data-v-1b4c0987> Australia/Queensland </div><div data-optvalue="Australia/South" class="option" data-v-1b4c0987> Australia/South </div><div data-optvalue="Australia/Sydney" class="option" data-v-1b4c0987> Australia/Sydney </div><div data-optvalue="Australia/Tasmania" class="option" data-v-1b4c0987> Australia/Tasmania </div><div data-optvalue="Australia/Victoria" class="option" data-v-1b4c0987> Australia/Victoria </div><div data-optvalue="Australia/West" class="option" data-v-1b4c0987> Australia/West </div><div data-optvalue="Australia/Yancowinna" class="option" data-v-1b4c0987> Australia/Yancowinna </div><div data-optvalue="Brazil/Acre" class="option" data-v-1b4c0987> Brazil/Acre </div><div data-optvalue="Brazil/DeNoronha" class="option" data-v-1b4c0987> Brazil/DeNoronha </div><div data-optvalue="Brazil/East" class="option" data-v-1b4c0987> Brazil/East </div><div data-optvalue="Brazil/West" class="option" data-v-1b4c0987> Brazil/West </div><div data-optvalue="CET" class="option" data-v-1b4c0987> CET </div><div data-optvalue="CST6CDT" class="option" data-v-1b4c0987> CST6CDT </div><div data-optvalue="Canada/Atlantic" class="option" data-v-1b4c0987> Canada/Atlantic </div><div data-optvalue="Canada/Central" class="option" data-v-1b4c0987> Canada/Central </div><div data-optvalue="Canada/Eastern" class="option" data-v-1b4c0987> Canada/Eastern </div><div data-optvalue="Canada/Mountain" class="option" data-v-1b4c0987> Canada/Mountain </div><div data-optvalue="Canada/Newfoundland" class="option" data-v-1b4c0987> Canada/Newfoundland </div><div data-optvalue="Canada/Pacific" class="option" data-v-1b4c0987> Canada/Pacific </div><div data-optvalue="Canada/Saskatchewan" class="option" data-v-1b4c0987> Canada/Saskatchewan </div><div data-optvalue="Canada/Yukon" class="option" data-v-1b4c0987> Canada/Yukon </div><div data-optvalue="Chile/Continental" class="option" data-v-1b4c0987> Chile/Continental </div><div data-optvalue="Chile/EasterIsland" class="option" data-v-1b4c0987> Chile/EasterIsland </div><div data-optvalue="Cuba" class="option" data-v-1b4c0987> Cuba </div><div data-optvalue="EET" class="option" data-v-1b4c0987> EET </div><div data-optvalue="EST" class="option" data-v-1b4c0987> EST </div><div data-optvalue="EST5EDT" class="option" data-v-1b4c0987> EST5EDT </div><div data-optvalue="Egypt" class="option" data-v-1b4c0987> Egypt </div><div data-optvalue="Eire" class="option" data-v-1b4c0987> Eire </div><div data-optvalue="Etc/GMT" class="option" data-v-1b4c0987> Etc/GMT </div><div data-optvalue="Etc/GMT+0" class="option" data-v-1b4c0987> Etc/GMT+0 </div><div data-optvalue="Etc/GMT+1" class="option" data-v-1b4c0987> Etc/GMT+1 </div><div data-optvalue="Etc/GMT+10" class="option" data-v-1b4c0987> Etc/GMT+10 </div><div data-optvalue="Etc/GMT+11" class="option" data-v-1b4c0987> Etc/GMT+11 </div><div data-optvalue="Etc/GMT+12" class="option" data-v-1b4c0987> Etc/GMT+12 </div><div data-optvalue="Etc/GMT+2" class="option" data-v-1b4c0987> Etc/GMT+2 </div><div data-optvalue="Etc/GMT+3" class="option" data-v-1b4c0987> Etc/GMT+3 </div><div data-optvalue="Etc/GMT+4" class="option" data-v-1b4c0987> Etc/GMT+4 </div><div data-optvalue="Etc/GMT+5" class="option" data-v-1b4c0987> Etc/GMT+5 </div><div data-optvalue="Etc/GMT+6" class="option" data-v-1b4c0987> Etc/GMT+6 </div><div data-optvalue="Etc/GMT+7" class="option" data-v-1b4c0987> Etc/GMT+7 </div><div data-optvalue="Etc/GMT+8" class="option" data-v-1b4c0987> Etc/GMT+8 </div><div data-optvalue="Etc/GMT+9" class="option" data-v-1b4c0987> Etc/GMT+9 </div><div data-optvalue="Etc/GMT-0" class="option" data-v-1b4c0987> Etc/GMT-0 </div><div data-optvalue="Etc/GMT-1" class="option" data-v-1b4c0987> Etc/GMT-1 </div><div data-optvalue="Etc/GMT-10" class="option" data-v-1b4c0987> Etc/GMT-10 </div><div data-optvalue="Etc/GMT-11" class="option" data-v-1b4c0987> Etc/GMT-11 </div><div data-optvalue="Etc/GMT-12" class="option" data-v-1b4c0987> Etc/GMT-12 </div><div data-optvalue="Etc/GMT-13" class="option" data-v-1b4c0987> Etc/GMT-13 </div><div data-optvalue="Etc/GMT-14" class="option" data-v-1b4c0987> Etc/GMT-14 </div><div data-optvalue="Etc/GMT-2" class="option" data-v-1b4c0987> Etc/GMT-2 </div><div data-optvalue="Etc/GMT-3" class="option" data-v-1b4c0987> Etc/GMT-3 </div><div data-optvalue="Etc/GMT-4" class="option" data-v-1b4c0987> Etc/GMT-4 </div><div data-optvalue="Etc/GMT-5" class="option" data-v-1b4c0987> Etc/GMT-5 </div><div data-optvalue="Etc/GMT-6" class="option" data-v-1b4c0987> Etc/GMT-6 </div><div data-optvalue="Etc/GMT-7" class="option" data-v-1b4c0987> Etc/GMT-7 </div><div data-optvalue="Etc/GMT-8" class="option" data-v-1b4c0987> Etc/GMT-8 </div><div data-optvalue="Etc/GMT-9" class="option" data-v-1b4c0987> Etc/GMT-9 </div><div data-optvalue="Etc/GMT0" class="option" data-v-1b4c0987> Etc/GMT0 </div><div data-optvalue="Etc/Greenwich" class="option" data-v-1b4c0987> Etc/Greenwich </div><div data-optvalue="Etc/UCT" class="option" data-v-1b4c0987> Etc/UCT </div><div data-optvalue="Etc/UTC" class="option" data-v-1b4c0987> Etc/UTC </div><div data-optvalue="Etc/Universal" class="option" data-v-1b4c0987> Etc/Universal </div><div data-optvalue="Etc/Zulu" class="option" data-v-1b4c0987> Etc/Zulu </div><div data-optvalue="Europe/Amsterdam" class="option" data-v-1b4c0987> Europe/Amsterdam </div><div data-optvalue="Europe/Andorra" class="option" data-v-1b4c0987> Europe/Andorra </div><div data-optvalue="Europe/Astrakhan" class="option" data-v-1b4c0987> Europe/Astrakhan </div><div data-optvalue="Europe/Athens" class="option" data-v-1b4c0987> Europe/Athens </div><div data-optvalue="Europe/Belfast" class="option" data-v-1b4c0987> Europe/Belfast </div><div data-optvalue="Europe/Belgrade" class="option" data-v-1b4c0987> Europe/Belgrade </div><div data-optvalue="Europe/Berlin" class="option" data-v-1b4c0987> Europe/Berlin </div><div data-optvalue="Europe/Bratislava" class="option" data-v-1b4c0987> Europe/Bratislava </div><div data-optvalue="Europe/Brussels" class="option" data-v-1b4c0987> Europe/Brussels </div><div data-optvalue="Europe/Bucharest" class="option" data-v-1b4c0987> Europe/Bucharest </div><div data-optvalue="Europe/Budapest" class="option" data-v-1b4c0987> Europe/Budapest </div><div data-optvalue="Europe/Busingen" class="option" data-v-1b4c0987> Europe/Busingen </div><div data-optvalue="Europe/Chisinau" class="option" data-v-1b4c0987> Europe/Chisinau </div><div data-optvalue="Europe/Copenhagen" class="option" data-v-1b4c0987> Europe/Copenhagen </div><div data-optvalue="Europe/Dublin" class="option" data-v-1b4c0987> Europe/Dublin </div><div data-optvalue="Europe/Gibraltar" class="option" data-v-1b4c0987> Europe/Gibraltar </div><div data-optvalue="Europe/Guernsey" class="option" data-v-1b4c0987> Europe/Guernsey </div><div data-optvalue="Europe/Helsinki" class="option" data-v-1b4c0987> Europe/Helsinki </div><div data-optvalue="Europe/Isle_of_Man" class="option" data-v-1b4c0987> Europe/Isle of Man </div><div data-optvalue="Europe/Istanbul" class="option" data-v-1b4c0987> Europe/Istanbul </div><div data-optvalue="Europe/Jersey" class="option" data-v-1b4c0987> Europe/Jersey </div><div data-optvalue="Europe/Kaliningrad" class="option" data-v-1b4c0987> Europe/Kaliningrad </div><div data-optvalue="Europe/Kiev" class="option" data-v-1b4c0987> Europe/Kiev </div><div data-optvalue="Europe/Kirov" class="option" data-v-1b4c0987> Europe/Kirov </div><div data-optvalue="Europe/Kyiv" class="option" data-v-1b4c0987> Europe/Kyiv </div><div data-optvalue="Europe/Lisbon" class="option" data-v-1b4c0987> Europe/Lisbon </div><div data-optvalue="Europe/Ljubljana" class="option" data-v-1b4c0987> Europe/Ljubljana </div><div data-optvalue="Europe/London" class="option" data-v-1b4c0987> Europe/London </div><div data-optvalue="Europe/Luxembourg" class="option" data-v-1b4c0987> Europe/Luxembourg </div><div data-optvalue="Europe/Madrid" class="option" data-v-1b4c0987> Europe/Madrid </div><div data-optvalue="Europe/Malta" class="option" data-v-1b4c0987> Europe/Malta </div><div data-optvalue="Europe/Mariehamn" class="option" data-v-1b4c0987> Europe/Mariehamn </div><div data-optvalue="Europe/Minsk" class="option" data-v-1b4c0987> Europe/Minsk </div><div data-optvalue="Europe/Monaco" class="option" data-v-1b4c0987> Europe/Monaco </div><div data-optvalue="Europe/Moscow" class="option" data-v-1b4c0987> Europe/Moscow </div><div data-optvalue="Europe/Nicosia" class="option" data-v-1b4c0987> Europe/Nicosia </div><div data-optvalue="Europe/Oslo" class="option" data-v-1b4c0987> Europe/Oslo </div><div data-optvalue="Europe/Paris" class="option" data-v-1b4c0987> Europe/Paris </div><div data-optvalue="Europe/Podgorica" class="option" data-v-1b4c0987> Europe/Podgorica </div><div data-optvalue="Europe/Prague" class="option" data-v-1b4c0987> Europe/Prague </div><div data-optvalue="Europe/Riga" class="option" data-v-1b4c0987> Europe/Riga </div><div data-optvalue="Europe/Rome" class="option" data-v-1b4c0987> Europe/Rome </div><div data-optvalue="Europe/Samara" class="option" data-v-1b4c0987> Europe/Samara </div><div data-optvalue="Europe/San_Marino" class="option" data-v-1b4c0987> Europe/San Marino </div><div data-optvalue="Europe/Sarajevo" class="option" data-v-1b4c0987> Europe/Sarajevo </div><div data-optvalue="Europe/Saratov" class="option" data-v-1b4c0987> Europe/Saratov </div><div data-optvalue="Europe/Simferopol" class="option" data-v-1b4c0987> Europe/Simferopol </div><div data-optvalue="Europe/Skopje" class="option" data-v-1b4c0987> Europe/Skopje </div><div data-optvalue="Europe/Sofia" class="option" data-v-1b4c0987> Europe/Sofia </div><div data-optvalue="Europe/Stockholm" class="option" data-v-1b4c0987> Europe/Stockholm </div><div data-optvalue="Europe/Tallinn" class="option" data-v-1b4c0987> Europe/Tallinn </div><div data-optvalue="Europe/Tirane" class="option" data-v-1b4c0987> Europe/Tirane </div><div data-optvalue="Europe/Tiraspol" class="option" data-v-1b4c0987> Europe/Tiraspol </div><div data-optvalue="Europe/Ulyanovsk" class="option" data-v-1b4c0987> Europe/Ulyanovsk </div><div data-optvalue="Europe/Uzhgorod" class="option" data-v-1b4c0987> Europe/Uzhgorod </div><div data-optvalue="Europe/Vaduz" class="option" data-v-1b4c0987> Europe/Vaduz </div><div data-optvalue="Europe/Vatican" class="option" data-v-1b4c0987> Europe/Vatican </div><div data-optvalue="Europe/Vienna" class="option" data-v-1b4c0987> Europe/Vienna </div><div data-optvalue="Europe/Vilnius" class="option" data-v-1b4c0987> Europe/Vilnius </div><div data-optvalue="Europe/Volgograd" class="option" data-v-1b4c0987> Europe/Volgograd </div><div data-optvalue="Europe/Warsaw" class="option" data-v-1b4c0987> Europe/Warsaw </div><div data-optvalue="Europe/Zagreb" class="option" data-v-1b4c0987> Europe/Zagreb </div><div data-optvalue="Europe/Zaporozhye" class="option" data-v-1b4c0987> Europe/Zaporozhye </div><div data-optvalue="Europe/Zurich" class="option" data-v-1b4c0987> Europe/Zurich </div><div data-optvalue="GB" class="option" data-v-1b4c0987> GB </div><div data-optvalue="GB-Eire" class="option" data-v-1b4c0987> GB-Eire </div><div data-optvalue="GMT" class="option" data-v-1b4c0987> GMT </div><div data-optvalue="GMT+0" class="option" data-v-1b4c0987> GMT+0 </div><div data-optvalue="GMT-0" class="option" data-v-1b4c0987> GMT-0 </div><div data-optvalue="GMT0" class="option" data-v-1b4c0987> GMT0 </div><div data-optvalue="Greenwich" class="option" data-v-1b4c0987> Greenwich </div><div data-optvalue="HST" class="option" data-v-1b4c0987> HST </div><div data-optvalue="Hongkong" class="option" data-v-1b4c0987> Hongkong </div><div data-optvalue="Iceland" class="option" data-v-1b4c0987> Iceland </div><div data-optvalue="Indian/Antananarivo" class="option" data-v-1b4c0987> Indian/Antananarivo </div><div data-optvalue="Indian/Chagos" class="option" data-v-1b4c0987> Indian/Chagos </div><div data-optvalue="Indian/Christmas" class="option" data-v-1b4c0987> Indian/Christmas </div><div data-optvalue="Indian/Cocos" class="option" data-v-1b4c0987> Indian/Cocos </div><div data-optvalue="Indian/Comoro" class="option" data-v-1b4c0987> Indian/Comoro </div><div data-optvalue="Indian/Kerguelen" class="option" data-v-1b4c0987> Indian/Kerguelen </div><div data-optvalue="Indian/Mahe" class="option" data-v-1b4c0987> Indian/Mahe </div><div data-optvalue="Indian/Maldives" class="option" data-v-1b4c0987> Indian/Maldives </div><div data-optvalue="Indian/Mauritius" class="option" data-v-1b4c0987> Indian/Mauritius </div><div data-optvalue="Indian/Mayotte" class="option" data-v-1b4c0987> Indian/Mayotte </div><div data-optvalue="Indian/Reunion" class="option" data-v-1b4c0987> Indian/Reunion </div><div data-optvalue="Iran" class="option" data-v-1b4c0987> Iran </div><div data-optvalue="Israel" class="option" data-v-1b4c0987> Israel </div><div data-optvalue="Jamaica" class="option" data-v-1b4c0987> Jamaica </div><div data-optvalue="Japan" class="option" data-v-1b4c0987> Japan </div><div data-optvalue="Kwajalein" class="option" data-v-1b4c0987> Kwajalein </div><div data-optvalue="Libya" class="option" data-v-1b4c0987> Libya </div><div data-optvalue="MET" class="option" data-v-1b4c0987> MET </div><div data-optvalue="MST" class="option" data-v-1b4c0987> MST </div><div data-optvalue="MST7MDT" class="option" data-v-1b4c0987> MST7MDT </div><div data-optvalue="Mexico/BajaNorte" class="option" data-v-1b4c0987> Mexico/BajaNorte </div><div data-optvalue="Mexico/BajaSur" class="option" data-v-1b4c0987> Mexico/BajaSur </div><div data-optvalue="Mexico/General" class="option" data-v-1b4c0987> Mexico/General </div><div data-optvalue="NZ" class="option" data-v-1b4c0987> NZ </div><div data-optvalue="NZ-CHAT" class="option" data-v-1b4c0987> NZ-CHAT </div><div data-optvalue="Navajo" class="option" data-v-1b4c0987> Navajo </div><div data-optvalue="PRC" class="option" data-v-1b4c0987> PRC </div><div data-optvalue="PST8PDT" class="option" data-v-1b4c0987> PST8PDT </div><div data-optvalue="Pacific/Apia" class="option" data-v-1b4c0987> Pacific/Apia </div><div data-optvalue="Pacific/Auckland" class="option" data-v-1b4c0987> Pacific/Auckland </div><div data-optvalue="Pacific/Bougainville" class="option" data-v-1b4c0987> Pacific/Bougainville </div><div data-optvalue="Pacific/Chatham" class="option" data-v-1b4c0987> Pacific/Chatham </div><div data-optvalue="Pacific/Chuuk" class="option" data-v-1b4c0987> Pacific/Chuuk </div><div data-optvalue="Pacific/Easter" class="option" data-v-1b4c0987> Pacific/Easter </div><div data-optvalue="Pacific/Efate" class="option" data-v-1b4c0987> Pacific/Efate </div><div data-optvalue="Pacific/Enderbury" class="option" data-v-1b4c0987> Pacific/Enderbury </div><div data-optvalue="Pacific/Fakaofo" class="option" data-v-1b4c0987> Pacific/Fakaofo </div><div data-optvalue="Pacific/Fiji" class="option" data-v-1b4c0987> Pacific/Fiji </div><div data-optvalue="Pacific/Funafuti" class="option" data-v-1b4c0987> Pacific/Funafuti </div><div data-optvalue="Pacific/Galapagos" class="option" data-v-1b4c0987> Pacific/Galapagos </div><div data-optvalue="Pacific/Gambier" class="option" data-v-1b4c0987> Pacific/Gambier </div><div data-optvalue="Pacific/Guadalcanal" class="option" data-v-1b4c0987> Pacific/Guadalcanal </div><div data-optvalue="Pacific/Guam" class="option" data-v-1b4c0987> Pacific/Guam </div><div data-optvalue="Pacific/Honolulu" class="option" data-v-1b4c0987> Pacific/Honolulu </div><div data-optvalue="Pacific/Johnston" class="option" data-v-1b4c0987> Pacific/Johnston </div><div data-optvalue="Pacific/Kanton" class="option" data-v-1b4c0987> Pacific/Kanton </div><div data-optvalue="Pacific/Kiritimati" class="option" data-v-1b4c0987> Pacific/Kiritimati </div><div data-optvalue="Pacific/Kosrae" class="option" data-v-1b4c0987> Pacific/Kosrae </div><div data-optvalue="Pacific/Kwajalein" class="option" data-v-1b4c0987> Pacific/Kwajalein </div><div data-optvalue="Pacific/Majuro" class="option" data-v-1b4c0987> Pacific/Majuro </div><div data-optvalue="Pacific/Marquesas" class="option" data-v-1b4c0987> Pacific/Marquesas </div><div data-optvalue="Pacific/Midway" class="option" data-v-1b4c0987> Pacific/Midway </div><div data-optvalue="Pacific/Nauru" class="option" data-v-1b4c0987> Pacific/Nauru </div><div data-optvalue="Pacific/Niue" class="option" data-v-1b4c0987> Pacific/Niue </div><div data-optvalue="Pacific/Norfolk" class="option" data-v-1b4c0987> Pacific/Norfolk </div><div data-optvalue="Pacific/Noumea" class="option" data-v-1b4c0987> Pacific/Noumea </div><div data-optvalue="Pacific/Pago_Pago" class="option" data-v-1b4c0987> Pacific/Pago Pago </div><div data-optvalue="Pacific/Palau" class="option" data-v-1b4c0987> Pacific/Palau </div><div data-optvalue="Pacific/Pitcairn" class="option" data-v-1b4c0987> Pacific/Pitcairn </div><div data-optvalue="Pacific/Pohnpei" class="option" data-v-1b4c0987> Pacific/Pohnpei </div><div data-optvalue="Pacific/Ponape" class="option" data-v-1b4c0987> Pacific/Ponape </div><div data-optvalue="Pacific/Port_Moresby" class="option" data-v-1b4c0987> Pacific/Port Moresby </div><div data-optvalue="Pacific/Rarotonga" class="option" data-v-1b4c0987> Pacific/Rarotonga </div><div data-optvalue="Pacific/Saipan" class="option" data-v-1b4c0987> Pacific/Saipan </div><div data-optvalue="Pacific/Samoa" class="option" data-v-1b4c0987> Pacific/Samoa </div><div data-optvalue="Pacific/Tahiti" class="option" data-v-1b4c0987> Pacific/Tahiti </div><div data-optvalue="Pacific/Tarawa" class="option" data-v-1b4c0987> Pacific/Tarawa </div><div data-optvalue="Pacific/Tongatapu" class="option" data-v-1b4c0987> Pacific/Tongatapu </div><div data-optvalue="Pacific/Truk" class="option" data-v-1b4c0987> Pacific/Truk </div><div data-optvalue="Pacific/Wake" class="option" data-v-1b4c0987> Pacific/Wake </div><div data-optvalue="Pacific/Wallis" class="option" data-v-1b4c0987> Pacific/Wallis </div><div data-optvalue="Pacific/Yap" class="option" data-v-1b4c0987> Pacific/Yap </div><div data-optvalue="Poland" class="option" data-v-1b4c0987> Poland </div><div data-optvalue="Portugal" class="option" data-v-1b4c0987> Portugal </div><div data-optvalue="ROC" class="option" data-v-1b4c0987> ROC </div><div data-optvalue="ROK" class="option" data-v-1b4c0987> ROK </div><div data-optvalue="Singapore" class="option" data-v-1b4c0987> Singapore </div><div data-optvalue="Turkey" class="option" data-v-1b4c0987> Turkey </div><div data-optvalue="UCT" class="option" data-v-1b4c0987> UCT </div><div data-optvalue="US/Alaska" class="option" data-v-1b4c0987> US/Alaska </div><div data-optvalue="US/Aleutian" class="option" data-v-1b4c0987> US/Aleutian </div><div data-optvalue="US/Arizona" class="option" data-v-1b4c0987> US/Arizona </div><div data-optvalue="US/Central" class="option" data-v-1b4c0987> US/Central </div><div data-optvalue="US/East-Indiana" class="option" data-v-1b4c0987> US/East-Indiana </div><div data-optvalue="US/Eastern" class="option" data-v-1b4c0987> US/Eastern </div><div data-optvalue="US/Hawaii" class="option" data-v-1b4c0987> US/Hawaii </div><div data-optvalue="US/Indiana-Starke" class="option" data-v-1b4c0987> US/Indiana-Starke </div><div data-optvalue="US/Michigan" class="option" data-v-1b4c0987> US/Michigan </div><div data-optvalue="US/Mountain" class="option" data-v-1b4c0987> US/Mountain </div><div data-optvalue="US/Pacific" class="option" data-v-1b4c0987> US/Pacific </div><div data-optvalue="US/Samoa" class="option" data-v-1b4c0987> US/Samoa </div><div data-optvalue="UTC" class="option" data-v-1b4c0987> UTC </div><div data-optvalue="Universal" class="option" data-v-1b4c0987> Universal </div><div data-optvalue="W-SU" class="option" data-v-1b4c0987> W-SU </div><div data-optvalue="WET" class="option" data-v-1b4c0987> WET </div><div data-optvalue="Zulu" class="option" data-v-1b4c0987> Zulu </div></div></div></div></div></div></div> <div class="filters-container closed" data-v-459a09fb data-v-1e5fb90a><h6 title="Filters" class="block-label" data-v-459a09fb> Filters: </h6> <div class="all-options" data-v-459a09fb><button href="#" class="button button--medium button--light button--secondary" data-v-5041ef13 data-v-459a09fb> Clear All </button></div> <div class="block-content" data-v-459a09fb><fieldset class="filter-block block-visible" data-v-4784a6b2 data-v-2279a842 data-v-1e5fb90a><legend class="block-label" data-v-4784a6b2> Training Formats </legend> <div class="block-content" data-v-4784a6b2><div class="filter-checkboxes-block block-collapsed" data-v-4784a6b2 data-v-2279a842><ul class="filter-checkboxes" data-v-4784a6b2 data-v-2279a842><li class="filter-checkboxes__item visible" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="in_person" type="checkbox" name="In Person" value="in_person" class="light" data-v-4784a6b2 data-v-2279a842> <label for="in_person" class="light" data-v-4784a6b2 data-v-2279a842>In Person</label> <ul class="hidden-list" data-v-4784a6b2 data-v-2279a842></ul></div></li><li class="filter-checkboxes__item visible" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="live_online" type="checkbox" name="Live Online" value="live_online" class="light" data-v-4784a6b2 data-v-2279a842> <label for="live_online" class="light" data-v-4784a6b2 data-v-2279a842>Live Online</label> <ul class="hidden-list" data-v-4784a6b2 data-v-2279a842></ul></div></li><li class="filter-checkboxes__item visible" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="ondemand" type="checkbox" name="OnDemand" value="ondemand" class="light" data-v-4784a6b2 data-v-2279a842> <label for="ondemand" class="light" data-v-4784a6b2 data-v-2279a842>OnDemand</label> <ul class="hidden-list" data-v-4784a6b2 data-v-2279a842></ul></div></li></ul>  </div></div></fieldset><fieldset class="filter-block block-visible" data-v-4784a6b2 data-v-2279a842 data-v-1e5fb90a><legend class="block-label" data-v-4784a6b2> Location </legend> <div class="block-content" data-v-4784a6b2><div class="filter-checkboxes-block block-collapsed" data-v-4784a6b2 data-v-2279a842><ul class="filter-checkboxes" data-v-4784a6b2 data-v-2279a842><li class="filter-checkboxes__item visible" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="americas" type="checkbox" name="Americas" value="americas" class="light" data-v-4784a6b2 data-v-2279a842> <label for="americas" class="light" data-v-4784a6b2 data-v-2279a842>Americas</label> <ul class="nested-checkbox" data-v-4784a6b2 data-v-2279a842><li class="filter-checkboxes__item" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="usa-and-canada" type="checkbox" name="United States & Canada" value="usa-and-canada" class="light" data-v-4784a6b2 data-v-2279a842> <label for="usa-and-canada" class="light" data-v-4784a6b2 data-v-2279a842>United States & Canada</label></div></li></ul></div></li><li class="filter-checkboxes__item visible" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="emea" type="checkbox" name="Europe, Middle East & Africa" value="emea" class="light" data-v-4784a6b2 data-v-2279a842> <label for="emea" class="light" data-v-4784a6b2 data-v-2279a842>Europe, Middle East & Africa</label> <ul class="nested-checkbox" data-v-4784a6b2 data-v-2279a842><li class="filter-checkboxes__item" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="mainland-europe" type="checkbox" name="Mainland Europe" value="mainland-europe" class="light" data-v-4784a6b2 data-v-2279a842> <label for="mainland-europe" class="light" data-v-4784a6b2 data-v-2279a842>Mainland Europe</label></div></li><li class="filter-checkboxes__item" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="middle-east-turkey-and-africa" type="checkbox" name="Middle East, Turkey, & Africa" value="middle-east-turkey-and-africa" class="light" data-v-4784a6b2 data-v-2279a842> <label for="middle-east-turkey-and-africa" class="light" data-v-4784a6b2 data-v-2279a842>Middle East, Turkey, & Africa</label></div></li><li class="filter-checkboxes__item" data-v-4784a6b2 data-v-2279a842><div class="checkbox" data-v-4784a6b2 data-v-2279a842><input id="united-kingdom-and-ireland" type="checkbox" name="United Kingdom & Ireland" value="united-kingdom-and-ireland" class="light" data-v-4784a6b2 data-v-2279a842> <label for="united-kingdom-and-ireland" class="light" data-v-4784a6b2 data-v-2279a842>United Kingdom & Ireland</label></div></li></ul></div></li></ul>  </div></div></fieldset> <fieldset filterfunc="function dateRangeListingFilter(content, startDate, endDate) { var dateFilter = function dateFilter(event) { if (!event.event_start || !event.event_end) { return true; } return external_moment_timezone_default()(event.event_start, 'YYYY-MM-DD').isSameOrAfter(external_moment_timezone_default()(startDate, 'YYYY-MM-DD')) && external_moment_timezone_default()(event.event_end, 'YYYY-MM-DD').isSameOrBefore(external_moment_timezone_default()(endDate, 'YYYY-MM-DD')); }; var contents = content.filter(dateFilter); return contents.map(function (event) { return new CourseDetail(_objectSpread(_objectSpread({}, event), {}, { childRuns: event.childRuns.filter(dateFilter) })); }); }" class="filter-block block-visible" data-v-4784a6b2 data-v-3a1ca894 data-v-1e5fb90a><legend class="block-label" data-v-4784a6b2> Dates </legend> <div class="block-content" data-v-4784a6b2><div class="filter-checkboxes-block" data-v-4784a6b2 data-v-3a1ca894><ul class="filter-radios" data-v-4784a6b2 data-v-3a1ca894><li class="filter-radios__item" data-v-4784a6b2 data-v-3a1ca894><div class="radio" data-v-4784a6b2 data-v-3a1ca894><input id="allDates" type="radio" name="selectDate-teaserPopUp-5g0zhxdz3" value="allDates" checked class="light" data-v-4784a6b2 data-v-3a1ca894> <label for="allDates" class="light" data-v-4784a6b2 data-v-3a1ca894>All Dates</label></div></li><li class="filter-radios__item" data-v-4784a6b2 data-v-3a1ca894><div class="radio" data-v-4784a6b2 data-v-3a1ca894><input id="dateRange" type="radio" name="selectDate-teaserPopUp-5g0zhxdz3" value="dateRange" class="light" data-v-4784a6b2 data-v-3a1ca894> <label for="dateRange" class="light" data-v-4784a6b2 data-v-3a1ca894>Select a Date Range</label></div></li></ul> <div class="date-wrap" data-v-4784a6b2 data-v-3a1ca894><div class="datepicker" data-v-3a1ca894><div class="datepicker-toggle"><input id="startDate" type="date" disabled required value="2024-12-01" class="datepicker-input"></div></div> <div class="datepicker" data-v-3a1ca894><div class="datepicker-toggle"><input id="endDate" type="date" disabled required value="2025-12-01" class="datepicker-input"></div></div></div></div></div></fieldset></div> <button href="#" class="button button--medium button--light button--primary" data-v-5041ef13 data-v-459a09fb> Apply </button></div></div> <div class="main" data-v-7da86b79><div class="main-prefix" data-v-7da86b79><div class="group" data-v-7da86b79 data-v-1e5fb90a><h2 data-v-7da86b79 data-v-1e5fb90a>Register for FOR577</h2> <a href="/about/contact/sales/?msc=course-page-link" class="button button--small button--light button--secondary" data-v-5041ef13 data-v-1e5fb90a> Learn about Group Pricing </a></div></div> <div class="main-content" data-v-7da86b79><p class="taxes" data-v-7da86b79 data-v-1e5fb90a> Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout. </p> <h4 data-v-7da86b79 data-v-1e5fb90a>Loading...</h4></div> <div class="main-suffix" data-v-7da86b79></div></div></div></div></div> <footer class="footer" data-v-daec289e> <div style="margin-bottom:0" data-v-7c90a14a data-v-1605a5f6><footer class="footer" data-v-74c48210 data-v-7c90a14a><div class="footer__top" data-v-74c48210><nav aria-label="Primary footer menu" role="navigation" class="footer-menu footer-menu--primary" data-v-40c2b7a4 data-v-7c90a14a><ul role="menubar" data-v-40c2b7a4> <li class="section-label" data-v-40c2b7a4>Register to Learn</li> <li role="menuitem" data-v-40c2b7a4><a href="/cyber-security-courses/" aria-label="Courses" target="_self" data-v-40c2b7a4>Courses</a></li><li role="menuitem" data-v-40c2b7a4><a href="https://www.giac.org/certifications/" aria-label="Certifications" target="_self" data-v-40c2b7a4>Certifications</a></li><li role="menuitem" data-v-40c2b7a4><a href="https://www.sans.edu/" aria-label="Degree Programs" target="_self" data-v-40c2b7a4>Degree Programs</a></li><li role="menuitem" data-v-40c2b7a4><a href="/cyber-ranges/" aria-label="Cyber Ranges" target="_self" data-v-40c2b7a4>Cyber Ranges</a></li></ul><ul role="menubar" data-v-40c2b7a4> <li class="section-label" data-v-40c2b7a4>Job Tools</li> <li role="menuitem" data-v-40c2b7a4><a href="/information-security-policy/" aria-label="Security Policy Project" target="_self" data-v-40c2b7a4>Security Policy Project</a></li><li role="menuitem" data-v-40c2b7a4><a href="/posters/" aria-label="Posters & Cheat Sheets" target="_self" data-v-40c2b7a4>Posters & Cheat Sheets</a></li><li role="menuitem" data-v-40c2b7a4><a href="/white-papers/" aria-label="White Papers" target="_self" data-v-40c2b7a4>White Papers</a></li></ul><ul role="menubar" data-v-40c2b7a4> <li class="section-label" data-v-40c2b7a4>Focus Areas</li> <li role="menuitem" data-v-40c2b7a4><a href="/cyber-defense/" aria-label="Cyber Defense" target="_self" data-v-40c2b7a4>Cyber Defense</a></li><li role="menuitem" data-v-40c2b7a4><a href="/cloud-security/" aria-label="Cloud Security" target="_self" data-v-40c2b7a4>Cloud Security</a></li><li role="menuitem" data-v-40c2b7a4><a href="/cybersecurity-leadership/" aria-label="Cybersecurity Leadership" target="_self" data-v-40c2b7a4>Cybersecurity Leadership</a></li><li role="menuitem" data-v-40c2b7a4><a href="/digital-forensics-incident-response/" aria-label="Digital Forensics" target="_self" data-v-40c2b7a4>Digital Forensics</a></li><li role="menuitem" data-v-40c2b7a4><a href="/industrial-control-systems-security/" aria-label="Industrial Control Systems" target="_self" data-v-40c2b7a4>Industrial Control Systems</a></li><li role="menuitem" data-v-40c2b7a4><a href="/offensive-operations/" aria-label="Offensive Operations" target="_self" data-v-40c2b7a4>Offensive Operations</a></li></ul></nav>  <div data-v-74c48210 data-v-7c90a14a><div ccpa="[object Object]" class="form-subscribe form-subscribe__sidebar" data-v-64bb6155 data-v-7c90a14a><div class="title" data-v-64bb6155> Subscribe to SANS Newsletters </div> <div class="description" data-v-64bb6155> Receive curated news, vulnerabilities, & security awareness tips </div> <div class="form" data-v-64bb6155><form id="footerNewsletterForm" autocomplete="off" data-v-64bb6155><div class="form-item" data-v-64bb6155><label for="subscribe-email-footerNewsletterForm" data-v-64bb6155></label> <input id="subscribe-email-footerNewsletterForm" type="email" name="email" autocomplete="on" placeholder="Your Email..." required class="subscribe-email" data-v-64bb6155></div> <div class="form-item" data-v-64bb6155><div id="sidebarCountry_footer-wrapper" class="select light large" data-v-1b4c0987 data-v-64bb6155><div class="wrp" data-v-1b4c0987> <div class="combo-wrap" data-v-1b4c0987><div class="combo-wrap-inner" data-v-1b4c0987><input id="sidebarCountry_footer" placeholder="Select your country" autocomplete="chrome-off" class="combobox" data-v-1b4c0987> <div class="listbox listbox-for-sidebarCountry_footer" data-v-1b4c0987><div data-optvalue="261" class="option" data-v-1b4c0987> United States </div><div data-optvalue="76" class="option" data-v-1b4c0987> Canada </div><div data-optvalue="260" class="option" data-v-1b4c0987> United Kingdom </div><div data-optvalue="233" class="option" data-v-1b4c0987> Spain </div><div data-optvalue="59" class="option" data-v-1b4c0987> Belgium </div><div data-optvalue="95" class="option" data-v-1b4c0987> Denmark </div><div data-optvalue="199" class="option" data-v-1b4c0987> Norway </div><div data-optvalue="189" class="option" data-v-1b4c0987> Netherlands </div><div data-optvalue="51" class="option" data-v-1b4c0987> Australia </div><div data-optvalue="138" class="option" data-v-1b4c0987> India </div><div data-optvalue="146" class="option" data-v-1b4c0987> Japan </div><div data-optvalue="227" class="option" data-v-1b4c0987> Singapore </div><div data-optvalue="39" class="option" data-v-1b4c0987> Afghanistan </div><div data-optvalue="1188" class="option" data-v-1b4c0987> Aland Islands </div><div data-optvalue="40" class="option" data-v-1b4c0987> Albania </div><div data-optvalue="41" class="option" data-v-1b4c0987> Algeria </div><div data-optvalue="42" class="option" data-v-1b4c0987> American Samoa </div><div data-optvalue="43" class="option" data-v-1b4c0987> Andorra </div><div data-optvalue="44" class="option" data-v-1b4c0987> Angola </div><div data-optvalue="45" class="option" data-v-1b4c0987> Anguilla </div><div data-optvalue="46" class="option" data-v-1b4c0987> Antarctica </div><div data-optvalue="47" class="option" data-v-1b4c0987> Antigua and Barbuda </div><div data-optvalue="48" class="option" data-v-1b4c0987> Argentina </div><div data-optvalue="49" class="option" data-v-1b4c0987> Armenia </div><div data-optvalue="50" class="option" data-v-1b4c0987> Aruba </div><div data-optvalue="52" class="option" data-v-1b4c0987> Austria </div><div data-optvalue="53" class="option" data-v-1b4c0987> Azerbaijan </div><div data-optvalue="54" class="option" data-v-1b4c0987> Bahamas </div><div data-optvalue="55" class="option" data-v-1b4c0987> Bahrain </div><div data-optvalue="56" class="option" data-v-1b4c0987> Bangladesh </div><div data-optvalue="57" class="option" data-v-1b4c0987> Barbados </div><div data-optvalue="58" class="option" data-v-1b4c0987> Belarus </div><div data-optvalue="60" class="option" data-v-1b4c0987> Belize </div><div data-optvalue="61" class="option" data-v-1b4c0987> Benin </div><div data-optvalue="62" class="option" data-v-1b4c0987> Bermuda </div><div data-optvalue="63" class="option" data-v-1b4c0987> Bhutan </div><div data-optvalue="64" class="option" data-v-1b4c0987> Bolivia </div><div data-optvalue="1189" class="option" data-v-1b4c0987> Bonaire, Sint Eustatius, and Saba </div><div data-optvalue="65" class="option" data-v-1b4c0987> Bosnia And Herzegovina </div><div data-optvalue="66" class="option" data-v-1b4c0987> Botswana </div><div data-optvalue="67" class="option" data-v-1b4c0987> Bouvet Island </div><div data-optvalue="68" class="option" data-v-1b4c0987> Brazil </div><div data-optvalue="69" class="option" data-v-1b4c0987> British Indian Ocean Territory </div><div data-optvalue="70" class="option" data-v-1b4c0987> Brunei Darussalam </div><div data-optvalue="71" class="option" data-v-1b4c0987> Bulgaria </div><div data-optvalue="72" class="option" data-v-1b4c0987> Burkina Faso </div><div data-optvalue="73" class="option" data-v-1b4c0987> Burundi </div><div data-optvalue="74" class="option" data-v-1b4c0987> Cambodia </div><div data-optvalue="75" class="option" data-v-1b4c0987> Cameroon </div><div data-optvalue="77" class="option" data-v-1b4c0987> Cape Verde </div><div data-optvalue="78" class="option" data-v-1b4c0987> Cayman Islands </div><div data-optvalue="79" class="option" data-v-1b4c0987> Central African Republic </div><div data-optvalue="80" class="option" data-v-1b4c0987> Chad </div><div data-optvalue="81" class="option" data-v-1b4c0987> Chile </div><div data-optvalue="82" class="option" data-v-1b4c0987> China </div><div data-optvalue="83" class="option" data-v-1b4c0987> Christmas Island </div><div data-optvalue="84" class="option" data-v-1b4c0987> Cocos (Keeling) Islands </div><div data-optvalue="85" class="option" data-v-1b4c0987> Colombia </div><div data-optvalue="86" class="option" data-v-1b4c0987> Comoros </div><div data-optvalue="87" class="option" data-v-1b4c0987> Congo </div><div data-optvalue="88" class="option" data-v-1b4c0987> Cook Islands </div><div data-optvalue="89" class="option" data-v-1b4c0987> Costa Rica </div><div data-optvalue="90" class="option" data-v-1b4c0987> Cote D'ivoire </div><div data-optvalue="91" class="option" data-v-1b4c0987> Croatia (Local Name: Hrvatska) </div><div data-optvalue="1192" class="option" data-v-1b4c0987> Curacao </div><div data-optvalue="93" class="option" data-v-1b4c0987> Cyprus </div><div data-optvalue="94" class="option" data-v-1b4c0987> Czech Republic </div><div data-optvalue="1190" class="option" data-v-1b4c0987> Democratic Republic of the Congo </div><div data-optvalue="96" class="option" data-v-1b4c0987> Djibouti </div><div data-optvalue="97" class="option" data-v-1b4c0987> Dominica </div><div data-optvalue="98" class="option" data-v-1b4c0987> Dominican Republic </div><div data-optvalue="1198" class="option" data-v-1b4c0987> East Timor </div><div data-optvalue="100" class="option" data-v-1b4c0987> Ecuador </div><div data-optvalue="101" class="option" data-v-1b4c0987> Egypt </div><div data-optvalue="102" class="option" data-v-1b4c0987> El Salvador </div><div data-optvalue="103" class="option" data-v-1b4c0987> Equatorial Guinea </div><div data-optvalue="104" class="option" data-v-1b4c0987> Eritrea </div><div data-optvalue="105" class="option" data-v-1b4c0987> Estonia </div><div data-optvalue="240" class="option" data-v-1b4c0987> Eswatini </div><div data-optvalue="106" class="option" data-v-1b4c0987> Ethiopia </div><div data-optvalue="108" class="option" data-v-1b4c0987> Falkland Islands (Malvinas) </div><div data-optvalue="109" class="option" data-v-1b4c0987> Faroe Islands </div><div data-optvalue="110" class="option" data-v-1b4c0987> Fiji </div><div data-optvalue="111" class="option" data-v-1b4c0987> Finland </div><div data-optvalue="112" class="option" data-v-1b4c0987> France </div><div data-optvalue="114" class="option" data-v-1b4c0987> French Guiana </div><div data-optvalue="115" class="option" data-v-1b4c0987> French Polynesia </div><div data-optvalue="116" class="option" data-v-1b4c0987> French Southern Territories </div><div data-optvalue="117" class="option" data-v-1b4c0987> Gabon </div><div data-optvalue="118" class="option" data-v-1b4c0987> Gambia </div><div data-optvalue="119" class="option" data-v-1b4c0987> Georgia </div><div data-optvalue="120" class="option" data-v-1b4c0987> Germany </div><div data-optvalue="121" class="option" data-v-1b4c0987> Ghana </div><div data-optvalue="122" class="option" data-v-1b4c0987> Gibraltar </div><div data-optvalue="123" class="option" data-v-1b4c0987> Greece </div><div data-optvalue="124" class="option" data-v-1b4c0987> Greenland </div><div data-optvalue="125" class="option" data-v-1b4c0987> Grenada </div><div data-optvalue="126" class="option" data-v-1b4c0987> Guadeloupe </div><div data-optvalue="127" class="option" data-v-1b4c0987> Guam </div><div data-optvalue="128" class="option" data-v-1b4c0987> Guatemala </div><div data-optvalue="1077" class="option" data-v-1b4c0987> Guernsey </div><div data-optvalue="129" class="option" data-v-1b4c0987> Guinea </div><div data-optvalue="130" class="option" data-v-1b4c0987> Guinea-Bissau </div><div data-optvalue="131" class="option" data-v-1b4c0987> Guyana </div><div data-optvalue="132" class="option" data-v-1b4c0987> Haiti </div><div data-optvalue="133" class="option" data-v-1b4c0987> Heard And McDonald Islands </div><div data-optvalue="134" class="option" data-v-1b4c0987> Honduras </div><div data-optvalue="135" class="option" data-v-1b4c0987> Hong Kong </div><div data-optvalue="136" class="option" data-v-1b4c0987> Hungary </div><div data-optvalue="137" class="option" data-v-1b4c0987> Iceland </div><div data-optvalue="139" class="option" data-v-1b4c0987> Indonesia </div><div data-optvalue="141" class="option" data-v-1b4c0987> Iraq </div><div data-optvalue="142" class="option" data-v-1b4c0987> Ireland </div><div data-optvalue="1079" class="option" data-v-1b4c0987> Isle of Man </div><div data-optvalue="143" class="option" data-v-1b4c0987> Israel </div><div data-optvalue="144" class="option" data-v-1b4c0987> Italy </div><div data-optvalue="145" class="option" data-v-1b4c0987> Jamaica </div><div data-optvalue="1076" class="option" data-v-1b4c0987> Jersey </div><div data-optvalue="147" class="option" data-v-1b4c0987> Jordan </div><div data-optvalue="148" class="option" data-v-1b4c0987> Kazakhstan </div><div data-optvalue="149" class="option" data-v-1b4c0987> Kenya </div><div data-optvalue="150" class="option" data-v-1b4c0987> Kiribati </div><div data-optvalue="152" class="option" data-v-1b4c0987> Korea, Republic Of </div><div data-optvalue="1199" class="option" data-v-1b4c0987> Kosovo </div><div data-optvalue="153" class="option" data-v-1b4c0987> Kuwait </div><div data-optvalue="154" class="option" data-v-1b4c0987> Kyrgyzstan </div><div data-optvalue="155" class="option" data-v-1b4c0987> Lao People's Democratic Republic </div><div data-optvalue="156" class="option" data-v-1b4c0987> Latvia </div><div data-optvalue="157" class="option" data-v-1b4c0987> Lebanon </div><div data-optvalue="158" class="option" data-v-1b4c0987> Lesotho </div><div data-optvalue="159" class="option" data-v-1b4c0987> Liberia </div><div data-optvalue="161" class="option" data-v-1b4c0987> Liechtenstein </div><div data-optvalue="162" class="option" data-v-1b4c0987> Lithuania </div><div data-optvalue="163" class="option" data-v-1b4c0987> Luxembourg </div><div data-optvalue="164" class="option" data-v-1b4c0987> Macau </div><div data-optvalue="166" class="option" data-v-1b4c0987> Madagascar </div><div data-optvalue="167" class="option" data-v-1b4c0987> Malawi </div><div data-optvalue="168" class="option" data-v-1b4c0987> Malaysia </div><div data-optvalue="169" class="option" data-v-1b4c0987> Maldives </div><div data-optvalue="170" class="option" data-v-1b4c0987> Mali </div><div data-optvalue="171" class="option" data-v-1b4c0987> Malta </div><div data-optvalue="172" class="option" data-v-1b4c0987> Marshall Islands </div><div data-optvalue="173" class="option" data-v-1b4c0987> Martinique </div><div data-optvalue="174" class="option" data-v-1b4c0987> Mauritania </div><div data-optvalue="175" class="option" data-v-1b4c0987> Mauritius </div><div data-optvalue="176" class="option" data-v-1b4c0987> Mayotte </div><div data-optvalue="177" class="option" data-v-1b4c0987> Mexico </div><div data-optvalue="178" class="option" data-v-1b4c0987> Micronesia, Federated States Of </div><div data-optvalue="179" class="option" data-v-1b4c0987> Moldova, Republic Of </div><div data-optvalue="180" class="option" data-v-1b4c0987> Monaco </div><div data-optvalue="181" class="option" data-v-1b4c0987> Mongolia </div><div data-optvalue="1089" class="option" data-v-1b4c0987> Montenegro </div><div data-optvalue="182" class="option" data-v-1b4c0987> Montserrat </div><div data-optvalue="183" class="option" data-v-1b4c0987> Morocco </div><div data-optvalue="184" class="option" data-v-1b4c0987> Mozambique </div><div data-optvalue="185" class="option" data-v-1b4c0987> Myanmar </div><div data-optvalue="186" class="option" data-v-1b4c0987> Namibia </div><div data-optvalue="187" class="option" data-v-1b4c0987> Nauru </div><div data-optvalue="188" class="option" data-v-1b4c0987> Nepal </div><div data-optvalue="190" class="option" data-v-1b4c0987> Netherlands Antilles </div><div data-optvalue="191" class="option" data-v-1b4c0987> New Caledonia </div><div data-optvalue="192" class="option" data-v-1b4c0987> New Zealand </div><div data-optvalue="193" class="option" data-v-1b4c0987> Nicaragua </div><div data-optvalue="194" class="option" data-v-1b4c0987> Niger </div><div data-optvalue="195" class="option" data-v-1b4c0987> Nigeria </div><div data-optvalue="196" class="option" data-v-1b4c0987> Niue </div><div data-optvalue="197" class="option" data-v-1b4c0987> Norfolk Island </div><div data-optvalue="165" class="option" data-v-1b4c0987> North Macedonia </div><div data-optvalue="198" class="option" data-v-1b4c0987> Northern Mariana Islands </div><div data-optvalue="200" class="option" data-v-1b4c0987> Oman </div><div data-optvalue="201" class="option" data-v-1b4c0987> Pakistan </div><div data-optvalue="202" class="option" data-v-1b4c0987> Palau </div><div data-optvalue="1045" class="option" data-v-1b4c0987> Palestine </div><div data-optvalue="203" class="option" data-v-1b4c0987> Panama </div><div data-optvalue="204" class="option" data-v-1b4c0987> Papua New Guinea </div><div data-optvalue="205" class="option" data-v-1b4c0987> Paraguay </div><div data-optvalue="206" class="option" data-v-1b4c0987> Peru </div><div data-optvalue="207" class="option" data-v-1b4c0987> Philippines </div><div data-optvalue="208" class="option" data-v-1b4c0987> Pitcairn </div><div data-optvalue="209" class="option" data-v-1b4c0987> Poland </div><div data-optvalue="210" class="option" data-v-1b4c0987> Portugal </div><div data-optvalue="211" class="option" data-v-1b4c0987> Puerto Rico </div><div data-optvalue="212" class="option" data-v-1b4c0987> Qatar </div><div data-optvalue="213" class="option" data-v-1b4c0987> Reunion </div><div data-optvalue="214" class="option" data-v-1b4c0987> Romania </div><div data-optvalue="215" class="option" data-v-1b4c0987> Russian Federation </div><div data-optvalue="216" class="option" data-v-1b4c0987> Rwanda </div><div data-optvalue="1088" class="option" data-v-1b4c0987> Saint Bartholemy </div><div data-optvalue="217" class="option" data-v-1b4c0987> Saint Kitts And Nevis </div><div data-optvalue="218" class="option" data-v-1b4c0987> Saint Lucia </div><div data-optvalue="1195" class="option" data-v-1b4c0987> Saint Martin </div><div data-optvalue="219" class="option" data-v-1b4c0987> Saint Vincent And The Grenadines </div><div data-optvalue="220" class="option" data-v-1b4c0987> Samoa </div><div data-optvalue="221" class="option" data-v-1b4c0987> San Marino </div><div data-optvalue="222" class="option" data-v-1b4c0987> Sao Tome And Principe </div><div data-optvalue="223" class="option" data-v-1b4c0987> Saudi Arabia </div><div data-optvalue="224" class="option" data-v-1b4c0987> Senegal </div><div data-optvalue="993" class="option" data-v-1b4c0987> Serbia </div><div data-optvalue="225" class="option" data-v-1b4c0987> Seychelles </div><div data-optvalue="226" class="option" data-v-1b4c0987> Sierra Leone </div><div data-optvalue="1197" class="option" data-v-1b4c0987> Sint Maarten </div><div data-optvalue="228" class="option" data-v-1b4c0987> Slovakia </div><div data-optvalue="229" class="option" data-v-1b4c0987> Slovenia </div><div data-optvalue="230" class="option" data-v-1b4c0987> Solomon Islands </div><div data-optvalue="232" class="option" data-v-1b4c0987> South Africa </div><div data-optvalue="1193" class="option" data-v-1b4c0987> South Georgia and the South Sandwich Islands </div><div data-optvalue="1196" class="option" data-v-1b4c0987> South Sudan </div><div data-optvalue="234" class="option" data-v-1b4c0987> Sri Lanka </div><div data-optvalue="235" class="option" data-v-1b4c0987> St. Helena </div><div data-optvalue="236" class="option" data-v-1b4c0987> St. Pierre And Miquelon </div><div data-optvalue="238" class="option" data-v-1b4c0987> Suriname </div><div data-optvalue="239" class="option" data-v-1b4c0987> Svalbard And Jan Mayen Islands </div><div data-optvalue="241" class="option" data-v-1b4c0987> Sweden </div><div data-optvalue="242" class="option" data-v-1b4c0987> Switzerland </div><div data-optvalue="244" class="option" data-v-1b4c0987> Taiwan </div><div data-optvalue="245" class="option" data-v-1b4c0987> Tajikistan </div><div data-optvalue="246" class="option" data-v-1b4c0987> Tanzania, United Republic Of </div><div data-optvalue="247" class="option" data-v-1b4c0987> Thailand </div><div data-optvalue="248" class="option" data-v-1b4c0987> Togo </div><div data-optvalue="249" class="option" data-v-1b4c0987> Tokelau </div><div data-optvalue="250" class="option" data-v-1b4c0987> Tonga </div><div data-optvalue="251" class="option" data-v-1b4c0987> Trinidad And Tobago </div><div data-optvalue="252" class="option" data-v-1b4c0987> Tunisia </div><div data-optvalue="253" class="option" data-v-1b4c0987> Turkey </div><div data-optvalue="254" class="option" data-v-1b4c0987> Turkmenistan </div><div data-optvalue="255" class="option" data-v-1b4c0987> Turks And Caicos Islands </div><div data-optvalue="256" class="option" data-v-1b4c0987> Tuvalu </div><div data-optvalue="257" class="option" data-v-1b4c0987> Uganda </div><div data-optvalue="258" class="option" data-v-1b4c0987> Ukraine </div><div data-optvalue="259" class="option" data-v-1b4c0987> United Arab Emirates </div><div data-optvalue="262" class="option" data-v-1b4c0987> United States Minor Outlying Islands </div><div data-optvalue="263" class="option" data-v-1b4c0987> Uruguay </div><div data-optvalue="264" class="option" data-v-1b4c0987> Uzbekistan </div><div data-optvalue="265" class="option" data-v-1b4c0987> Vanuatu </div><div data-optvalue="266" class="option" data-v-1b4c0987> Vatican City State </div><div data-optvalue="267" class="option" data-v-1b4c0987> Venezuela </div><div data-optvalue="268" class="option" data-v-1b4c0987> Vietnam </div><div data-optvalue="269" class="option" data-v-1b4c0987> Virgin Islands (British) </div><div data-optvalue="270" class="option" data-v-1b4c0987> Virgin Islands (U.S.) </div><div data-optvalue="271" class="option" data-v-1b4c0987> Wallis And Futuna Islands </div><div data-optvalue="272" class="option" data-v-1b4c0987> Western Sahara </div><div data-optvalue="273" class="option" data-v-1b4c0987> Yemen </div><div data-optvalue="276" class="option" data-v-1b4c0987> Zambia </div><div data-optvalue="277" class="option" data-v-1b4c0987> Zimbabwe </div></div></div></div></div></div></div>  <div class="form-item" data-v-64bb6155><div class="checkbox" data-v-64bb6155><p data-v-64bb6155>By providing this information, you agree to the processing of your personal data by SANS as described in our <a href="/legal/privacy/">Privacy Policy.</a></p></div></div> <div class="form-item" data-v-64bb6155><ul class="checkboxes__list" data-v-64bb6155><li class="checkboxes__item hidden" data-v-64bb6155><div class="checkbox" data-v-64bb6155><input id="newsbites" type="checkbox" name="newsbites" value="newsbites" checked data-v-64bb6155> <label for="newsbites" data-v-64bb6155>SANS NewsBites</label></div></li><li class="checkboxes__item hidden" data-v-64bb6155><div class="checkbox" data-v-64bb6155><input id="at_risk" type="checkbox" name="at_risk" value="at_risk" checked data-v-64bb6155> <label for="at_risk" data-v-64bb6155>@Risk: Security Alert</label></div></li><li class="checkboxes__item hidden" data-v-64bb6155><div class="checkbox" data-v-64bb6155><input id="ouch" type="checkbox" name="ouch" value="ouch" checked data-v-64bb6155> <label for="ouch" data-v-64bb6155>OUCH! Security Awareness</label></div></li></ul></div> <div class="muted" data-v-64bb6155> This site is protected by reCAPTCHA and the Google <a href="https://policies.google.com/privacy" data-v-64bb6155>Privacy Policy</a> and <a href="https://policies.google.com/terms" data-v-64bb6155>Terms of Service</a> apply. </div> <input type="submit" value="Subscribe" class="submitButton button button--large button--light button--primary" data-v-5041ef13 data-v-64bb6155> </form></div></div></div></div> <div class="footer__bottom" data-v-74c48210><nav aria-label="Secondary footer menu" role="navigation" class="footer-menu footer-menu--secondary" data-v-40c2b7a4 data-v-7c90a14a><ul role="menubar" data-v-40c2b7a4><li class="privacy-policy" data-v-40c2b7a4>© 2024 SANS® Institute</li>  <li role="menuitem" data-v-40c2b7a4><a href="/legal/privacy/" aria-label="Privacy Policy" target="_self" data-v-40c2b7a4>Privacy Policy</a></li><li role="menuitem" data-v-40c2b7a4><a href="/legal/terms-conditions/" aria-label="Terms and Conditions" target="_self" data-v-40c2b7a4>Terms and Conditions</a></li><li role="menuitem" data-v-40c2b7a4><a href="/legal/do-not-share-sell/" aria-label="Do Not Sell/Share My Personal Information" target="_self" data-v-40c2b7a4>Do Not Sell/Share My Personal Information</a></li><li role="menuitem" data-v-40c2b7a4><a href="/about/contact/" aria-label="Contact" target="_self" data-v-40c2b7a4>Contact</a></li><li role="menuitem" data-v-40c2b7a4><a href="/mlp/careers/" aria-label="Careers" target="_self" data-v-40c2b7a4>Careers</a></li></ul></nav> <div class="social-links" data-v-342bdce6 data-v-7c90a14a> <ul aria-label="Social links" class="social-links-list" data-v-342bdce6><li data-v-342bdce6><a href="https://twitter.com/sansinstitute" aria-label="Subscribe to us in Twitter" class="twitter twitter--dark" data-v-342bdce6>Twitter</a></li><li data-v-342bdce6><a href="https://www.facebook.com/sansinstitute" aria-label="Find us in Facebook" class="facebook facebook--dark" data-v-342bdce6>Facebook</a></li><li data-v-342bdce6><a href="https://www.youtube.com/user/TheSANSInstitute" aria-label="Subscribe to us in Youtube" class="youtube youtube--dark" data-v-342bdce6>Youtube</a></li><li data-v-342bdce6><a href="https://www.linkedin.com/company/14104" aria-label="Subscribe to us in linkedin" class="linkedin linkedin--dark" data-v-342bdce6>LinkedIn</a></li></ul></div></div></footer></div></footer></div></div></div><script>window.__NUXT__=function(e,a,t,n,s,r,i,l,o,c,p,d,u,m,_,f,h,g,b,y,T,v,E,L,C,w,x,I,F,O,k,A,S,N,U,W,G,q,z,Y,B,H,V,J,X,j,Q,K,$,ee,ae,te,ne,se,re,ie,le,oe,ce,pe,de,ue,me,_e,fe,he,ge,be,ye,Te,ve,Ee,Le,Ce,we,xe,Ie,ke,Ae,Se,Pe,Me,Re,Ze,De,Fe,Oe,Ne,Ue,We,Ge,qe,ze,Ye,Be,He,Ve,Je,Xe,je,Qe,Ke,$e,ea,aa,ta,na,sa,ra,ia,la,oa,ca,pa,da,ua,ma,_a,fa,ha,ga,ba,ya,Ta,va,Ea,La,Ca,wa,xa,Ia,ka,Aa,Sa,Pa,Ma,Ra,Za,Da,Fa,Oa,Na,Ua,Wa,Ga,qa,za,Ya,Ba,Ha,Va,Ja,Xa,ja,Qa,Ka,$a,et,at,P,tt,nt,st,rt,it,lt,ot,ct,pt,dt,ut,mt,_t,ft,ht,gt,bt,yt,Tt,vt,Et,Lt,Ct,wt,xt,It,kt,At,St,Pt,Mt,Rt,Zt,Dt,Ft,Ot,Nt,Ut,Wt,Gt,qt,zt,Yt,Bt,Ht,Vt,Jt,Xt,jt,Qt,Kt,$t,en,an,tn,nn,sn,rn,ln,on,cn,pn,dn,un,mn,_n,fn,hn,gn,bn,yn,Tn,vn,En,Ln,Cn,wn,xn,In,kn,An,Sn,Pn,Mn,Rn,Zn,Dn,Fn,On,Nn,Un,Wn,Gn,qn,zn,Yn,Bn,Hn,Vn,Jn,Xn,jn,Qn,Kn,$n,es,as,ts,ns,ss,rs,is,ls,os,cs,ps,ds,us,ms,_s,fs,hs,gs,bs,ys,Ts,vs,Es,Ls,Cs,ws,xs,Is,ks,As,Ss,Ps,Ms,Rs,Zs,Ds,Fs,Os,Ns,Us,Ws,Gs,qs,zs,Ys,Bs,Hs,Vs,Js,M,Xs,js,Qs,Ks,$s,er,ar,tr,R,nr,sr,rr,ir,lr,or,cr,pr,dr,ur,mr,_r,fr,hr,gr,br,yr,Tr,vr,Er,Lr,Cr,wr,xr,Ir,kr,Ar,Sr,Pr,Mr,Rr,Zr,Dr,Fr,Or,Nr,Ur,Wr,Gr,qr,zr,Yr,Br,Hr,Vr,Jr,Xr,jr,Qr,Kr,$r,ei,ai,ti,ni,si,ri,ii,li,oi,ci,pi,di,ui,mi,_i,fi,hi,gi,bi,yi,Ti,vi,Ei,Li,Ci,wi,xi,Ii,ki,Ai,Si,Pi,Mi,Ri,Zi,Di,Fi,Oi,Ni,Ui,Wi,Gi,qi,zi,Yi,Bi,Hi,Vi,Ji,Xi,ji,Qi,Ki,$i,e0,a0,t0,n0,s0,r0,i0,l0,o0,c0,Z,p0,d0,u0,m0,_0,f0,h0,D){return Ki.title=e,$i.title=Ki.href=e,$i.href=e,h0.anchor=u0,h0.url="/cyber-security-courses/linux-threat-hunting-incident-response#prereqs",h0.title="Prerequisites",h0.hide=a,D.site="sans",D.baseDomain="sans.org",D.menuItems="sans_navigation_item",D.logoClass="logo-sans",D.baseURI=Hr,D.defaultBrowserTitle="SANS Cyber Security Certifications & Research",D.defaultMetaDescription=e,D.defaultMetaSocialImage="https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt98b136a644f78dec/cropped-SANS-Blue-Square-270x270.png",D.navComponent=Jr,D.form={privacyPolicy:'By providing this information, you agree to the processing of your personal data by SANS as described in our <a href="/legal/privacy/">Privacy Policy</a>.',marketingMessage:"Please send me opportunities to become certified, learn new skills through SANS courses, and find training opportunities either near me or online."},D.navButtons=[{size:"small",href:"/about/contact/sales/?msc=mega-nav-button",label:_r}],D.socialLinks={twitter:{href:"https://twitter.com/sansinstitute",label:"Twitter",ariaLabel:"Subscribe to us in Twitter"},facebook:{href:"https://www.facebook.com/sansinstitute",label:"Facebook",ariaLabel:"Find us in Facebook"},youtube:{href:"https://www.youtube.com/user/TheSANSInstitute",label:"Youtube",ariaLabel:"Subscribe to us in Youtube"},linkedin:{href:"https://www.linkedin.com/company/14104",label:"LinkedIn",ariaLabel:"Subscribe to us in linkedin"}},D.cartDomain=Hr,{layout:"default",data:[{headerMenu:Jr,menu_items:[{label:Oa,href:F,ariaLabel:Oa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:F,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ge,href:cs,ariaLabel:Ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qe,href:ps,ariaLabel:qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ze,href:ds,ariaLabel:ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ye,href:us,ariaLabel:Ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Be,href:ms,ariaLabel:Be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:He,href:_s,ariaLabel:He,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:He,href:_s,ariaLabel:He,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fs,href:d,ariaLabel:fs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:tt,href:nr,ariaLabel:tt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:nt,href:sr,ariaLabel:nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:st,href:rr,ariaLabel:st,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:rt,href:ir,ariaLabel:rt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:it,href:lr,ariaLabel:it,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:or,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:lt,href:cr,ariaLabel:lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ot,href:pr,ariaLabel:ot,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ct,href:dr,ariaLabel:ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pt,href:ur,ariaLabel:pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:mr,href:d,ariaLabel:mr,menu_item_type:mr,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:fs,href:d,ariaLabel:fs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:tt,href:nr,ariaLabel:tt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:nt,href:sr,ariaLabel:nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:st,href:rr,ariaLabel:st,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:rt,href:ir,ariaLabel:rt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:it,href:lr,ariaLabel:it,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:or,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:lt,href:cr,ariaLabel:lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ot,href:pr,ariaLabel:ot,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ct,href:dr,ariaLabel:ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pt,href:ur,ariaLabel:pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:_r,href:en,ariaLabel:_r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:dt,href:Na,ariaLabel:dt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:dt,paragraph:Xr,buttonTitle:N,url:Na},teaser:{heading:jr,imgSrc:Qr,details:Kr,link:$r},children:[{label:n,href:Na,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ut,href:Ua,ariaLabel:ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:U,href:Ua,ariaLabel:U,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:W,href:an,ariaLabel:W,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:G,href:tn,ariaLabel:G,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ve,href:hs,ariaLabel:Ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:q,href:nn,ariaLabel:q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:z,href:sn,ariaLabel:z,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Y,href:rn,ariaLabel:Y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:B,href:ln,ariaLabel:B,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:H,href:on,ariaLabel:H,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:V,href:cn,ariaLabel:V,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:J,href:pn,ariaLabel:J,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Je,href:gs,ariaLabel:Je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:X,href:dn,ariaLabel:X,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:j,href:un,ariaLabel:j,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:mt,href:O,ariaLabel:mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:O,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:je,href:O,ariaLabel:je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qe,href:bs,ariaLabel:Qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:fr,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_t,href:hr,ariaLabel:_t,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ft,href:gr,ariaLabel:ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ht,href:Wa,ariaLabel:ht,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:ht,paragraph:ei,buttonTitle:N,url:Wa},teaser:{heading:ai,imgSrc:ti,details:ni,link:si},children:[{label:n,href:Wa,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:gt,href:br,ariaLabel:gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:bt,href:yr,ariaLabel:bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ke,href:ys,ariaLabel:Ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$e,href:Ts,ariaLabel:$e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ea,href:vs,ariaLabel:ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Q,href:mn,ariaLabel:Q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:K,href:v,ariaLabel:K,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$,href:_n,ariaLabel:$,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:yt,href:ee,ariaLabel:yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:aa,href:Es,ariaLabel:aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ta,href:Ls,ariaLabel:ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:na,href:Cs,ariaLabel:na,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:Tt,href:Ga,ariaLabel:Tt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:Tt,paragraph:ri,buttonTitle:N,url:Ga},teaser:{heading:vt,imgSrc:ii,details:li,link:Et},children:[{label:n,href:Ga,ariaLabel:Tr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:ws,ariaLabel:xs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:sa,href:E,ariaLabel:sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ra,href:Is,ariaLabel:ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:fn,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:hn,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:gn,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ae,href:bn,ariaLabel:ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:yn,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:te,href:Tn,ariaLabel:te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:vn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:En,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ne,href:Ln,ariaLabel:ne,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ia,href:ks,ariaLabel:ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:se,href:Cn,ariaLabel:se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:re,href:wn,ariaLabel:re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:k,href:xn,ariaLabel:k,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ie,href:In,ariaLabel:ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:la,href:As,ariaLabel:la,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:A,href:kn,ariaLabel:A,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:S,href:An,ariaLabel:S,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:vt,href:Et,ariaLabel:Ss,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Lt,href:qa,ariaLabel:Lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ca,href:qa,ariaLabel:ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pa,href:Ps,ariaLabel:pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:le,href:Sn,ariaLabel:le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oe,href:Pn,ariaLabel:oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ce,href:Mn,ariaLabel:ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pe,href:Rn,ariaLabel:pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:de,href:Zn,ariaLabel:de,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:Dn,ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:da,href:Ms,ariaLabel:da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ue,href:Fn,ariaLabel:ue,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:me,href:On,ariaLabel:me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_e,href:Nn,ariaLabel:_e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fe,href:Un,ariaLabel:fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:he,href:Wn,ariaLabel:he,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ge,href:Gn,ariaLabel:ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:be,href:qn,ariaLabel:be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:zn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ua,href:Rs,ariaLabel:ua,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ct,href:vr,ariaLabel:Ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wt,href:za,ariaLabel:wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ma,href:Zs,ariaLabel:ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_a,href:za,ariaLabel:_a,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ye,href:Yn,ariaLabel:ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Te,href:Bn,ariaLabel:Te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ve,href:Hn,ariaLabel:ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ee,href:Vn,ariaLabel:Ee,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:Jn,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Le,href:Xn,ariaLabel:Le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ce,href:jn,ariaLabel:Ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:we,href:Qn,ariaLabel:we,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:fa,href:Ds,ariaLabel:fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xt,href:Ya,ariaLabel:xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:Ya,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ga,href:Fs,ariaLabel:ga,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ya,href:Os,ariaLabel:ya,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:wt,href:za,ariaLabel:wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ma,href:Zs,ariaLabel:ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_a,href:za,ariaLabel:_a,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ye,href:Yn,ariaLabel:ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Te,href:Bn,ariaLabel:Te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ve,href:Hn,ariaLabel:ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ee,href:Vn,ariaLabel:Ee,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:Jn,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Le,href:Xn,ariaLabel:Le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ce,href:jn,ariaLabel:Ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:we,href:Qn,ariaLabel:we,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:fa,href:Ds,ariaLabel:fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:fa,href:Ds,ariaLabel:fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ve,href:hs,ariaLabel:Ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:q,href:nn,ariaLabel:q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:z,href:sn,ariaLabel:z,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Y,href:rn,ariaLabel:Y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:B,href:ln,ariaLabel:B,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:H,href:on,ariaLabel:H,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:V,href:cn,ariaLabel:V,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:J,href:pn,ariaLabel:J,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:H,href:on,ariaLabel:H,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:J,href:pn,ariaLabel:J,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:da,href:Ms,ariaLabel:da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ue,href:Fn,ariaLabel:ue,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:me,href:On,ariaLabel:me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_e,href:Nn,ariaLabel:_e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fe,href:Un,ariaLabel:fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:he,href:Wn,ariaLabel:he,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ge,href:Gn,ariaLabel:ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:be,href:qn,ariaLabel:be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:zn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:he,href:Wn,ariaLabel:he,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:be,href:qn,ariaLabel:be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ge,href:Gn,ariaLabel:ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fe,href:Un,ariaLabel:fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_e,href:Nn,ariaLabel:_e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:me,href:On,ariaLabel:me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ue,href:Fn,ariaLabel:ue,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oi,href:"/security-awareness-training/products/specialized-training/ai-role-based-security-essentials/",ariaLabel:oi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:kt,href:ci,ariaLabel:kt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:kt,paragraph:pi,buttonTitle:di,url:ui},teaser:{heading:mi,imgSrc:_i,details:fi,link:hi},children:[{label:n,href:Ue,ariaLabel:Er,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:At,href:Ba,ariaLabel:At,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ta,href:Ba,ariaLabel:Ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:va,href:Ns,ariaLabel:va,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:xe,href:Kn,ariaLabel:xe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ie,href:$n,ariaLabel:Ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ke,href:es,ariaLabel:ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:Lr,href:Ha,ariaLabel:Cr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ea,href:Ha,ariaLabel:Ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:La,href:Us,ariaLabel:La,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:w,href:Ws,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gs,href:qs,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:St,href:Ue,ariaLabel:St,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ca,href:zs,ariaLabel:Ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ae,href:as,ariaLabel:Ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Se,href:ts,ariaLabel:Se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:Ys,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wa,href:Bs,ariaLabel:wa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Pe,href:ns,ariaLabel:Pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Me,href:ss,ariaLabel:Me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Re,href:rs,ariaLabel:Re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ze,href:is,ariaLabel:Ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:xa,href:Hs,ariaLabel:xa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ia,href:wr,ariaLabel:Ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pt,href:Ue,ariaLabel:Pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ka,href:Xa,ariaLabel:ka,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Mt,href:xr,ariaLabel:Mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:De,href:Ir,ariaLabel:De,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:Vs,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Aa,href:Ka,ariaLabel:Aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fe,href:Js,ariaLabel:Fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:Lr,href:Ha,ariaLabel:Cr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ea,href:Ha,ariaLabel:Ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:La,href:Us,ariaLabel:La,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:w,href:Ws,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gs,href:qs,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Gs,href:qs,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:yt,href:ee,ariaLabel:yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:aa,href:Es,ariaLabel:aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ta,href:Ls,ariaLabel:ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:na,href:Cs,ariaLabel:na,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:na,href:Cs,ariaLabel:na,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_a,href:za,ariaLabel:_a,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ye,href:Yn,ariaLabel:ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Te,href:Bn,ariaLabel:Te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ve,href:Hn,ariaLabel:ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ee,href:Vn,ariaLabel:Ee,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:Jn,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Le,href:Xn,ariaLabel:Le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ce,href:jn,ariaLabel:Ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:we,href:Qn,ariaLabel:we,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:n,href:Wa,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Rt,href:F,ariaLabel:Rt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:Rt,paragraph:gi,buttonTitle:N,url:F},teaser:{heading:Oe,imgSrc:bi,details:yi,link:We},children:[{label:Oa,href:F,ariaLabel:Oa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:F,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ge,href:cs,ariaLabel:Ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qe,href:ps,ariaLabel:qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ze,href:ds,ariaLabel:ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ye,href:us,ariaLabel:Ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Be,href:ms,ariaLabel:Be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:He,href:_s,ariaLabel:He,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Zt,href:et,ariaLabel:Zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Sa,href:et,ariaLabel:Sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pa,href:M,ariaLabel:Pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Dt,href:We,ariaLabel:Dt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Oe,href:We,ariaLabel:Oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ma,href:Xs,ariaLabel:Ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ra,href:Ne,ariaLabel:Ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Za,href:en,ariaLabel:Za,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Da,href:js,ariaLabel:Da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ft,href:kr,ariaLabel:Ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ye,href:us,ariaLabel:Ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ct,href:dr,ariaLabel:ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:lt,href:cr,ariaLabel:lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Nt,href:Ka,ariaLabel:Nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ut,href:Xa,ariaLabel:Ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Wt,href:Ar,ariaLabel:Wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gt,href:Sr,ariaLabel:Gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qt,href:Pr,ariaLabel:qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:zt,href:Mr,ariaLabel:zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Yt,href:Rr,ariaLabel:Yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qs,href:ls,ariaLabel:Qs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Bt,href:ls,ariaLabel:Bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ht,href:Zr,ariaLabel:Ht,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ht,href:Zr,ariaLabel:Ht,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Bt,href:ls,ariaLabel:Bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ks,href:os,ariaLabel:Ks,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$s,href:Ti,ariaLabel:$s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ot,href:pr,ariaLabel:ot,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:or,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:it,href:lr,ariaLabel:it,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:vi,href:"/in_en/",ariaLabel:vi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:rt,href:ir,ariaLabel:rt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:st,href:rr,ariaLabel:st,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:nt,href:sr,ariaLabel:nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:tt,href:nr,ariaLabel:tt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ke,href:es,ariaLabel:ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ie,href:$n,ariaLabel:Ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xe,href:Kn,ariaLabel:xe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ze,href:is,ariaLabel:Ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Re,href:rs,ariaLabel:Re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Me,href:ss,ariaLabel:Me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pe,href:ns,ariaLabel:Pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:De,href:Ir,ariaLabel:De,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:Vs,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Aa,href:Ka,ariaLabel:Aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fe,href:Js,ariaLabel:Fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Da,href:js,ariaLabel:Da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Za,href:en,ariaLabel:Za,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ra,href:Ne,ariaLabel:Ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Vt,href:Dr,ariaLabel:Vt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:!(D.siteEnvironment=void 0),teaser:a},{label:Jt,href:Fr,ariaLabel:Jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Xt,href:Or,ariaLabel:Xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:jt,href:Nr,ariaLabel:jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qt,href:Ur,ariaLabel:Qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Kt,href:Wr,ariaLabel:Kt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fa,href:os,ariaLabel:Fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:n,href:at,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$t,href:at,ariaLabel:$t,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:$t,paragraph:Ei,buttonTitle:N,url:at},teaser:{heading:Fa,imgSrc:Li,details:Ci,link:wi},children:[{label:n,href:at,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fa,href:os,ariaLabel:Fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Kt,href:Wr,ariaLabel:Kt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qt,href:Ur,ariaLabel:Qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:jt,href:Nr,ariaLabel:jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Xt,href:Or,ariaLabel:Xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Jt,href:Fr,ariaLabel:Jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Vt,href:Dr,ariaLabel:Vt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:!0,teaser:a}]},{label:ft,href:gr,ariaLabel:ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_t,href:hr,ariaLabel:_t,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:h,href:fr,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qe,href:bs,ariaLabel:Qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:je,href:O,ariaLabel:je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:n,href:O,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:mt,href:O,ariaLabel:mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:O,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:je,href:O,ariaLabel:je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qe,href:bs,ariaLabel:Qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:j,href:un,ariaLabel:j,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:X,href:dn,ariaLabel:X,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Je,href:gs,ariaLabel:Je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:X,href:dn,ariaLabel:X,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:j,href:un,ariaLabel:j,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:V,href:cn,ariaLabel:V,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Y,href:rn,ariaLabel:Y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:B,href:ln,ariaLabel:B,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:z,href:sn,ariaLabel:z,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:q,href:nn,ariaLabel:q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ut,href:Ua,ariaLabel:ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:U,href:Ua,ariaLabel:U,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:W,href:an,ariaLabel:W,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:G,href:tn,ariaLabel:G,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ve,href:hs,ariaLabel:Ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:q,href:nn,ariaLabel:q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:z,href:sn,ariaLabel:z,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Y,href:rn,ariaLabel:Y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:B,href:ln,ariaLabel:B,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:H,href:on,ariaLabel:H,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:V,href:cn,ariaLabel:V,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:J,href:pn,ariaLabel:J,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Je,href:gs,ariaLabel:Je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:X,href:dn,ariaLabel:X,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:j,href:un,ariaLabel:j,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:n,href:Na,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:G,href:tn,ariaLabel:G,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:W,href:an,ariaLabel:W,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:U,href:Ua,ariaLabel:U,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:W,href:an,ariaLabel:W,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:G,href:tn,ariaLabel:G,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ta,href:Ls,ariaLabel:ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:aa,href:Es,ariaLabel:aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:K,href:v,ariaLabel:K,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Q,href:mn,ariaLabel:Q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ea,href:vs,ariaLabel:ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Q,href:mn,ariaLabel:Q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:K,href:v,ariaLabel:K,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$,href:_n,ariaLabel:$,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:$e,href:Ts,ariaLabel:$e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ke,href:ys,ariaLabel:Ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:bt,href:yr,ariaLabel:bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ke,href:ys,ariaLabel:Ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$e,href:Ts,ariaLabel:$e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ea,href:vs,ariaLabel:ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Q,href:mn,ariaLabel:Q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:K,href:v,ariaLabel:K,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$,href:_n,ariaLabel:$,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:gt,href:br,ariaLabel:gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ya,href:Os,ariaLabel:ya,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ga,href:Fs,ariaLabel:ga,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:n,href:Ya,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xt,href:Ya,ariaLabel:xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:Ya,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ga,href:Fs,ariaLabel:ga,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ya,href:Os,ariaLabel:ya,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:we,href:Qn,ariaLabel:we,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ce,href:jn,ariaLabel:Ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Le,href:Xn,ariaLabel:Le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:Jn,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ee,href:Vn,ariaLabel:Ee,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ve,href:Hn,ariaLabel:ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Te,href:Bn,ariaLabel:Te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ye,href:Yn,ariaLabel:ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:zn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xi,href:"/nice-framework/investigate/",ariaLabel:xi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ii,href:"/nice-framework/operate-collect/",ariaLabel:Ii,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ki,href:"/nice-framework/analyze/",ariaLabel:ki,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ai,href:"/nice-framework/protect-defend/",ariaLabel:Ai,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Si,href:"/nice-framework/oversee-govern/",ariaLabel:Si,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pi,href:"/nice-framework/operate-maintain/",ariaLabel:Pi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Mi,href:"/nice-framework/security-provisionals/",ariaLabel:Mi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:Dn,ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pe,href:Rn,ariaLabel:pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ce,href:Mn,ariaLabel:ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oe,href:Pn,ariaLabel:oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:le,href:Sn,ariaLabel:le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Lt,href:qa,ariaLabel:Lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ca,href:qa,ariaLabel:ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pa,href:Ps,ariaLabel:pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:le,href:Sn,ariaLabel:le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oe,href:Pn,ariaLabel:oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ce,href:Mn,ariaLabel:ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pe,href:Rn,ariaLabel:pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:de,href:Zn,ariaLabel:de,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:Dn,ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:da,href:Ms,ariaLabel:da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ue,href:Fn,ariaLabel:ue,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:me,href:On,ariaLabel:me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_e,href:Nn,ariaLabel:_e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fe,href:Un,ariaLabel:fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:he,href:Wn,ariaLabel:he,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ge,href:Gn,ariaLabel:ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:be,href:qn,ariaLabel:be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:zn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ua,href:Rs,ariaLabel:ua,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ma,href:Zs,ariaLabel:ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ct,href:vr,ariaLabel:Ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ua,href:Rs,ariaLabel:ua,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pa,href:Ps,ariaLabel:pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:le,href:Sn,ariaLabel:le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oe,href:Pn,ariaLabel:oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ce,href:Mn,ariaLabel:ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pe,href:Rn,ariaLabel:pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:de,href:Zn,ariaLabel:de,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:Dn,ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ca,href:qa,ariaLabel:ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ra,href:Is,ariaLabel:ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:fn,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:hn,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:gn,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ae,href:bn,ariaLabel:ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:yn,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:te,href:Tn,ariaLabel:te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:vn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:En,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ne,href:Ln,ariaLabel:ne,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ne,href:Ln,ariaLabel:ne,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:yn,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:c,href:fn,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:hn,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:gn,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ae,href:bn,ariaLabel:ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:te,href:Tn,ariaLabel:te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:vn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:En,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:se,href:Cn,ariaLabel:se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:re,href:wn,ariaLabel:re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:k,href:xn,ariaLabel:k,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ie,href:In,ariaLabel:ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:la,href:As,ariaLabel:la,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:A,href:kn,ariaLabel:A,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:S,href:An,ariaLabel:S,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:vt,href:Et,ariaLabel:Ss,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:S,href:An,ariaLabel:S,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:A,href:kn,ariaLabel:A,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ia,href:ks,ariaLabel:ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:se,href:Cn,ariaLabel:se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:re,href:wn,ariaLabel:re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:k,href:xn,ariaLabel:k,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ie,href:In,ariaLabel:ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:sa,href:E,ariaLabel:sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:n,href:ws,ariaLabel:xs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:ws,ariaLabel:xs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:sa,href:E,ariaLabel:sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ra,href:Is,ariaLabel:ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:fn,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:hn,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:gn,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ae,href:bn,ariaLabel:ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:yn,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:te,href:Tn,ariaLabel:te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:vn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:En,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ne,href:Ln,ariaLabel:ne,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ia,href:ks,ariaLabel:ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:se,href:Cn,ariaLabel:se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:re,href:wn,ariaLabel:re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:k,href:xn,ariaLabel:k,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ie,href:In,ariaLabel:ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:la,href:As,ariaLabel:la,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:A,href:kn,ariaLabel:A,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:S,href:An,ariaLabel:S,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:vt,href:Et,ariaLabel:Ss,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:n,href:Ga,ariaLabel:Tr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Zt,href:et,ariaLabel:Zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Sa,href:et,ariaLabel:Sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pa,href:M,ariaLabel:Pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Be,href:ms,ariaLabel:Be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ze,href:ds,ariaLabel:ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ft,href:kr,ariaLabel:Ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ra,href:Ne,ariaLabel:Ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Za,href:en,ariaLabel:Za,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Da,href:js,ariaLabel:Da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ma,href:Xs,ariaLabel:Ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Oe,href:We,ariaLabel:Oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Dt,href:We,ariaLabel:Dt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Oe,href:We,ariaLabel:Oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ma,href:Xs,ariaLabel:Ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Sa,href:et,ariaLabel:Sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qe,href:ps,ariaLabel:qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ge,href:cs,ariaLabel:Ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:n,href:F,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Se,href:ts,ariaLabel:Se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ae,href:as,ariaLabel:Ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:w,href:Ws,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:La,href:Us,ariaLabel:La,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ea,href:Ha,ariaLabel:Ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Mt,href:xr,ariaLabel:Mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ka,href:Xa,ariaLabel:ka,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pt,href:Ue,ariaLabel:Pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ka,href:Xa,ariaLabel:ka,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ia,href:wr,ariaLabel:Ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xa,href:Hs,ariaLabel:xa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wa,href:Bs,ariaLabel:wa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Pe,href:ns,ariaLabel:Pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Me,href:ss,ariaLabel:Me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Re,href:rs,ariaLabel:Re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ze,href:is,ariaLabel:Ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:Ys,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ca,href:zs,ariaLabel:Ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ae,href:as,ariaLabel:Ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Se,href:ts,ariaLabel:Se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:St,href:Ue,ariaLabel:St,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ca,href:zs,ariaLabel:Ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ae,href:as,ariaLabel:Ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Se,href:ts,ariaLabel:Se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:Ys,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wa,href:Bs,ariaLabel:wa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Pe,href:ns,ariaLabel:Pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Me,href:ss,ariaLabel:Me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Re,href:rs,ariaLabel:Re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ze,href:is,ariaLabel:Ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:xa,href:Hs,ariaLabel:xa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:va,href:Ns,ariaLabel:va,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:xe,href:Kn,ariaLabel:xe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ie,href:$n,ariaLabel:Ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ke,href:es,ariaLabel:ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ta,href:Ba,ariaLabel:Ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:At,href:Ba,ariaLabel:At,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ta,href:Ba,ariaLabel:Ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:va,href:Ns,ariaLabel:va,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:xe,href:Kn,ariaLabel:xe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ie,href:$n,ariaLabel:Ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ke,href:es,ariaLabel:ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:n,href:Ue,ariaLabel:Er,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fe,href:Js,ariaLabel:Fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Aa,href:Ka,ariaLabel:Aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:c,href:Vs,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:e,href:d,ariaLabel:e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Yt,href:Rr,ariaLabel:Yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:zt,href:Mr,ariaLabel:zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qt,href:Pr,ariaLabel:qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:pt,href:ur,ariaLabel:pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$,href:_n,ariaLabel:$,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:de,href:Zn,ariaLabel:de,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:"/job-roles-roadmap/leadership/?msc=main-nav",ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ri,href:"/cyber-security-courses/?focus-area=purple-team&msc=main-nav",ariaLabel:Ri,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fe,href:"/cyber-security-courses/?focus-area=open-source-intelligence&msc=main-nav",ariaLabel:Fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Zi,href:"/why-work-with-sans/?msc=main-nav",ariaLabel:Zi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gr,href:d,ariaLabel:Gr,menu_item_type:Gr,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:e,href:d,ariaLabel:e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Yt,href:Rr,ariaLabel:Yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:zt,href:Mr,ariaLabel:zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qt,href:Pr,ariaLabel:qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:De,href:d,ariaLabel:De,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Nt,href:Ka,ariaLabel:Nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:er,href:d,ariaLabel:er,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ut,href:Xa,ariaLabel:Ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ar,href:d,ariaLabel:ar,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gt,href:Sr,ariaLabel:Gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Wt,href:Ar,ariaLabel:Wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:qr,href:d,ariaLabel:qr,menu_item_type:qr,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ar,href:d,ariaLabel:ar,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gt,href:Sr,ariaLabel:Gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Wt,href:Ar,ariaLabel:Wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:er,href:d,ariaLabel:er,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ut,href:Xa,ariaLabel:Ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:De,href:d,ariaLabel:De,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Nt,href:Ka,ariaLabel:Nt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:U,href:"/security-awareness-training/?msc=utility-nav",ariaLabel:U,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Di,href:"https://www.sans.edu/?msc=utility-nav",ariaLabel:Di,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ia,href:"https://isc.sans.edu/?msc=utility-nav",ariaLabel:Ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fi,href:"https://www.giac.org/?msc=utility-nav",ariaLabel:Fi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:zr,href:d,ariaLabel:zr,menu_item_type:zr,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Tt,href:Ga,ariaLabel:Tt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:Tt,paragraph:ri,buttonTitle:N,url:Ga},teaser:{heading:vt,imgSrc:ii,details:li,link:Et},children:[{label:n,href:Ga,ariaLabel:Tr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:y,href:E,ariaLabel:y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:ws,ariaLabel:xs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:sa,href:E,ariaLabel:sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ra,href:Is,ariaLabel:ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:fn,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:hn,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:gn,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ae,href:bn,ariaLabel:ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:yn,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:te,href:Tn,ariaLabel:te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:vn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:En,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ne,href:Ln,ariaLabel:ne,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ia,href:ks,ariaLabel:ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:se,href:Cn,ariaLabel:se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:re,href:wn,ariaLabel:re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:k,href:xn,ariaLabel:k,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ie,href:In,ariaLabel:ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:la,href:As,ariaLabel:la,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:A,href:kn,ariaLabel:A,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:S,href:An,ariaLabel:S,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:vt,href:Et,ariaLabel:Ss,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Lt,href:qa,ariaLabel:Lt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ca,href:qa,ariaLabel:ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pa,href:Ps,ariaLabel:pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:le,href:Sn,ariaLabel:le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:oe,href:Pn,ariaLabel:oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ce,href:Mn,ariaLabel:ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:pe,href:Rn,ariaLabel:pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:de,href:Zn,ariaLabel:de,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:L,href:Dn,ariaLabel:L,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:da,href:Ms,ariaLabel:da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ue,href:Fn,ariaLabel:ue,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:me,href:On,ariaLabel:me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_e,href:Nn,ariaLabel:_e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:fe,href:Un,ariaLabel:fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:he,href:Wn,ariaLabel:he,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ge,href:Gn,ariaLabel:ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:be,href:qn,ariaLabel:be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:zn,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ua,href:Rs,ariaLabel:ua,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ct,href:vr,ariaLabel:Ct,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wt,href:za,ariaLabel:wt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ma,href:Zs,ariaLabel:ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_a,href:za,ariaLabel:_a,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:ye,href:Yn,ariaLabel:ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Te,href:Bn,ariaLabel:Te,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ve,href:Hn,ariaLabel:ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ee,href:Vn,ariaLabel:Ee,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:u,href:Jn,ariaLabel:u,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Le,href:Xn,ariaLabel:Le,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ce,href:jn,ariaLabel:Ce,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:we,href:Qn,ariaLabel:we,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:fa,href:Ds,ariaLabel:fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:p,href:oa,ariaLabel:p,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:xt,href:Ya,ariaLabel:xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:Ya,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ga,href:Fs,ariaLabel:ga,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ya,href:Os,ariaLabel:ya,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:C,href:It,ariaLabel:C,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:ht,href:Wa,ariaLabel:ht,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:ht,paragraph:ei,buttonTitle:N,url:Wa},teaser:{heading:ai,imgSrc:ti,details:ni,link:si},children:[{label:n,href:Wa,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:gt,href:br,ariaLabel:gt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:bt,href:yr,ariaLabel:bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ke,href:ys,ariaLabel:Ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$e,href:Ts,ariaLabel:$e,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ea,href:vs,ariaLabel:ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Q,href:mn,ariaLabel:Q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:K,href:v,ariaLabel:K,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:$,href:_n,ariaLabel:$,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:yt,href:ee,ariaLabel:yt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:aa,href:Es,ariaLabel:aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ta,href:Ls,ariaLabel:ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:na,href:Cs,ariaLabel:na,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:dt,href:Na,ariaLabel:dt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:dt,paragraph:Xr,buttonTitle:N,url:Na},teaser:{heading:jr,imgSrc:Qr,details:Kr,link:$r},children:[{label:n,href:Na,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ut,href:Ua,ariaLabel:ut,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:U,href:Ua,ariaLabel:U,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:W,href:an,ariaLabel:W,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:G,href:tn,ariaLabel:G,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ve,href:hs,ariaLabel:Ve,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:q,href:nn,ariaLabel:q,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:z,href:sn,ariaLabel:z,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Y,href:rn,ariaLabel:Y,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:B,href:ln,ariaLabel:B,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:H,href:on,ariaLabel:H,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:V,href:cn,ariaLabel:V,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:J,href:pn,ariaLabel:J,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Je,href:gs,ariaLabel:Je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:X,href:dn,ariaLabel:X,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:j,href:un,ariaLabel:j,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:mt,href:O,ariaLabel:mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:O,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:je,href:O,ariaLabel:je,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qe,href:bs,ariaLabel:Qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:fr,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_t,href:hr,ariaLabel:_t,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ft,href:gr,ariaLabel:ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:kt,href:ci,ariaLabel:kt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:kt,paragraph:pi,buttonTitle:di,url:ui},teaser:{heading:mi,imgSrc:_i,details:fi,link:hi},children:[{label:n,href:Ue,ariaLabel:Er,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:At,href:Ba,ariaLabel:At,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ta,href:Ba,ariaLabel:Ta,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:va,href:Ns,ariaLabel:va,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:xe,href:Kn,ariaLabel:xe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ie,href:$n,ariaLabel:Ie,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ke,href:es,ariaLabel:ke,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:Lr,href:Ha,ariaLabel:Cr,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ea,href:Ha,ariaLabel:Ea,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:_,href:ha,ariaLabel:_,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:La,href:Us,ariaLabel:La,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:w,href:Ws,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Gs,href:qs,ariaLabel:w,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:St,href:Ue,ariaLabel:St,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ca,href:zs,ariaLabel:Ca,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ae,href:as,ariaLabel:Ae,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Se,href:ts,ariaLabel:Se,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:m,href:Xe,ariaLabel:m,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:h,href:Ys,ariaLabel:h,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:wa,href:Bs,ariaLabel:wa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Pe,href:ns,ariaLabel:Pe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Me,href:ss,ariaLabel:Me,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Re,href:rs,ariaLabel:Re,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ze,href:is,ariaLabel:Ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:xa,href:Hs,ariaLabel:xa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:g,href:Va,ariaLabel:g,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ia,href:wr,ariaLabel:Ia,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pt,href:Ue,ariaLabel:Pt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:b,href:Ja,ariaLabel:b,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ka,href:Xa,ariaLabel:ka,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Mt,href:xr,ariaLabel:Mt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:De,href:Ir,ariaLabel:De,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:c,href:Vs,ariaLabel:c,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:r,href:ja,ariaLabel:r,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:i,href:Qa,ariaLabel:i,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:l,href:ee,ariaLabel:l,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Aa,href:Ka,ariaLabel:Aa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:s,href:v,ariaLabel:s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:o,href:$a,ariaLabel:o,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fe,href:Js,ariaLabel:Fe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:$t,href:at,ariaLabel:$t,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:$t,paragraph:Ei,buttonTitle:N,url:at},teaser:{heading:Fa,imgSrc:Li,details:Ci,link:wi},children:[{label:n,href:at,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Fa,href:os,ariaLabel:Fa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Kt,href:Wr,ariaLabel:Kt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qt,href:Ur,ariaLabel:Qt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:jt,href:Nr,ariaLabel:jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Xt,href:Or,ariaLabel:Xt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Jt,href:Fr,ariaLabel:Jt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Vt,href:Dr,ariaLabel:Vt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:!0,teaser:a}]},{label:Rt,href:F,ariaLabel:Rt,menu_item_type:T,page_reference:e,cssClass:e,openExternal:a,info:{heading:Rt,paragraph:gi,buttonTitle:N,url:F},teaser:{heading:Oe,imgSrc:bi,details:yi,link:We},children:[{label:Oa,href:F,ariaLabel:Oa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:n,href:F,ariaLabel:n,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ge,href:cs,ariaLabel:Ge,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:qe,href:ps,ariaLabel:qe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:ze,href:ds,ariaLabel:ze,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ye,href:us,ariaLabel:Ye,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Be,href:ms,ariaLabel:Be,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:He,href:_s,ariaLabel:He,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Zt,href:et,ariaLabel:Zt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Sa,href:et,ariaLabel:Sa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pa,href:M,ariaLabel:Pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Dt,href:We,ariaLabel:Dt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Oe,href:We,ariaLabel:Oe,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ma,href:Xs,ariaLabel:Ma,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:f,href:ba,ariaLabel:f,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:x,href:Ne,ariaLabel:x,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Ra,href:Ne,ariaLabel:Ra,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Za,href:en,ariaLabel:Za,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Da,href:js,ariaLabel:Da,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]},{label:Ft,href:kr,ariaLabel:Ft,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:I,href:Ot,ariaLabel:I,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]},{label:Oi,href:"/cyber-security-skills-roadmap/?msc=main-nav",ariaLabel:Oi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Pa,href:M,ariaLabel:Pa,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ni,href:"/security-awareness-training/products/cyber-risk-insight-suite/behavioral/?msc=main-nav",ariaLabel:Ni,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ui,href:"/hire-cyber-talent/?msc=main-nav",ariaLabel:Ui,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Wi,href:"/team-development/?msc=main-nav",ariaLabel:Wi,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Yr,href:d,ariaLabel:Yr,menu_item_type:Yr,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:$s,href:Ti,ariaLabel:$s,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ks,href:os,ariaLabel:Ks,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Qs,href:ls,ariaLabel:Qs,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a,children:[{label:Bt,href:ls,ariaLabel:Bt,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a},{label:Ht,href:Zr,ariaLabel:Ht,menu_item_type:t,page_reference:e,cssClass:e,openExternal:a,teaser:a}]}]}],courseDetailPageTemplate:{_version:87,locale:"en-us",uid:"blt324019296364930f",ACL:{},author_statement_heading:"Author Statement",course_runs:{top_button:{title:"Learn about Group Pricing",href:"/about/contact/sales/?msc=course-page-link"}},created_at:"2020-07-06T14:38:33.985Z",created_by:"blted501dec9919dc6b",find_training_banner:{header:"Find ways to take this course",description:e,online_button_label:qi,in_person_button_label:A,image_background:{_version:3,is_dir:a,uid:"blt3d3a7be41c430878",ACL:{},content_type:"image/jpeg",created_at:"2020-08-14T20:56:26.702Z",created_by:"bltab805ede5d6e2abf",description:e,file_size:"43075",filename:"CENTRAL_Find_Training_and_Testimonials_Banner_2.jpg",parent_uid:"blt7d10993a98e8282f",tags:[],title:"CENTRAL_Find_Training_and_Testimonials_Banner_2.jpg",updated_at:"2023-04-26T16:20:03.437Z",updated_by:"blt00f4f50ccae26b38",publish_details:{environment:"bltb11a43a128a4b050",locale:"en-us",time:"2024-09-11T13:40:54.774Z",user:"blt3fce71b3cc7d233d"},url:Gi}},heading_buttons:{course_demo_label:"Course Preview",register_now_label:"Register Now"},is_this_course_right_for_me:{header:"Is this course right for me?"},justifying_training:{description:"Use this justification letter template to share the key details of this training and certification opportunity with your boss.",download_button_label:"Download the Letter",header:"Need to justify a training request to your manager?"},modality_descriptions_above_course_runs:{in_person_description:"Training events and topical summits feature presentations and courses in classrooms around the world.",in_person_label:"In Person",in_person_link:{title:"Learn more",href:Zs},live_online_description:"Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.",live_online_label:S,live_online_link:{title:"Learn more",href:"/live-online/"},ondemand_description:"Study and prepare for GIAC Certification with four months of online access. Includes labs and exercises, and support.",ondemand_label:p,ondemand_link:{title:"Learn more",href:oa}},no_upcoming_runs_message:e,prerequisites_heading:"Prerequisites",related_programs:{dodd:{description:"See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.",image:{_version:1,is_dir:a,uid:"blt207d0cb667e50e41",ACL:{},content_type:"image/png",created_at:"2020-08-14T20:36:03.321Z",created_by:"bltab805ede5d6e2abf",file_size:"5618",filename:"SANS_DoDD-Icon2.png",parent_uid:"blta0d15c24e1789ddc",tags:[],title:"SANS_DoDD-Icon2.png",updated_at:"2020-10-01T20:39:20.531Z",updated_by:"bltab805ede5d6e2abf",publish_details:{environment:"bltb11a43a128a4b050",locale:"en-us",time:"2024-09-11T13:40:54.774Z",user:"blt3fce71b3cc7d233d"},url:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt207d0cb667e50e41/5f36f5b33ee1a461e60b6585/SANS_DoDD-Icon2.png"},link:{title:"DoDD 8140",href:"https://www.sans.org/dodd-8140"},title:"DoDD 8140"},masters_program:{description:"This course and certification can be applied to a master's degree program at the SANS Technology Institute.",image:{_version:1,is_dir:a,uid:"blt02e5809a84f87fa5",ACL:{},content_type:"image/png",created_at:"2020-08-14T17:31:11.965Z",created_by:"bltab805ede5d6e2abf",file_size:"31926",filename:"SANS-Icons_SANS-EDU_FINAL.png",tags:[],title:"SANS-Icons_SANS-EDU_FINAL.png",updated_at:"2020-08-14T19:14:28.936Z",updated_by:"bltab805ede5d6e2abf",parent_uid:"blta0d15c24e1789ddc",publish_details:{environment:"bltb11a43a128a4b050",locale:"en-us",time:"2024-09-11T13:40:54.774Z",user:"blt3fce71b3cc7d233d"},url:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt02e5809a84f87fa5/5f36ca5f28ef1e01dfb52d1d/SANS-Icons_SANS-EDU_FINAL.png"},link:{title:"Masters Program",href:"https://www.sans.edu/academics/degrees/msise"},title:"Masters Program"},section_title:"Related Programs"},sidebar_who_should_attend_heading:"Who Should Attend",syllabus_heading:"Syllabus",tab_navigation:[{section:{section:"What You Will Learn",anchor:p0,_metadata:{uid:"cs964824308e612e87"},title:"What You Will Learn"}},{section:{section:"Course Syllabus",anchor:d0,_metadata:{uid:"csf3ecc336e1da0fbc"},title:"Syllabus"}},{section:{section:"GIAC Certification",anchor:"giac-certification",_metadata:{uid:"cs95f001853e3372bb"},title:"Certification"}},{section:{section:"Prerequisites",anchor:u0,_metadata:{uid:"cs4d459fe34e9e203b"},title:"Prerequisites"}},{section:{section:"Laptop Requirements",anchor:m0,_metadata:{uid:"cs974968f82392c49a"},title:"Laptop Requirements"}},{section:{section:"Author Statement",anchor:_0,_metadata:{uid:"csca180ae5ac858ccb"},title:"Author Statement"}},{section:{section:"Testimonials",anchor:"testimonials",_metadata:{uid:"cs7183835c9ae1ac83"},title:"Reviews"}},{section:{section:"Training & Pricing",anchor:f0,_metadata:{uid:"cs879284140183db4a"},title:"Training & Pricing"}}],tags:[],testimonials:{background_image:{_version:1,is_dir:a,uid:"bltb4758e88e32dfddc",ACL:{},content_type:"image/jpeg",created_at:"2020-08-14T16:00:50.607Z",created_by:"bltab805ede5d6e2abf",file_size:"681858",filename:"CENTRAL_Find_Training_and_Testimonials_Banner.jpg",tags:[],title:"CENTRAL_Find_Training_and_Testimonials_Banner.jpg",updated_at:"2020-10-01T20:39:46.455Z",updated_by:"bltab805ede5d6e2abf",parent_uid:"blt7d10993a98e8282f",publish_details:{environment:"bltb11a43a128a4b050",locale:"en-us",time:"2024-09-11T13:40:54.774Z",user:"blt3fce71b3cc7d233d"},url:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb4758e88e32dfddc/5f36b532d9a24d7c67e517a4/CENTRAL_Find_Training_and_Testimonials_Banner.jpg"},header:"Reviews",sub_header:e},testimonials_heading:"Reviews",title:"Course Detail Template",updated_at:"2024-09-11T13:40:18.812Z",updated_by:"blt3fce71b3cc7d233d",video_button_title:"SANS Video",ways_to_learn:{id15:"Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings. ",id20:"The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch. ",id25:"Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.",header:"Ways to Learn",in_person_training_and_pricing_link_text:"View Available Dates & Locations",live_online_training_and_pricing_link_text:"View Available Dates & Time Zones",ondemand_training_and_pricing_link_text:"Register Now"},what_you_will_learn_heading:"What You Will Learn",publish_details:{environment:"bltb11a43a128a4b050",locale:"en-us",time:"2024-09-11T13:40:54.774Z",user:"blt3fce71b3cc7d233d"}},courseDetail:{data:{uid:"blt0609678cd3a3d8ac",course_id:1450,justification_letter:"https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt34981ff64188901a/660683e518980f44f7201995/SANS_Justify_Training_FOR577.docx",assessment:P,focus_area:[{uid:"blt64479f3f6bea90c6",ACL:{},display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",tags:[],title:"Digital Forensics and Incident Response (DFIR) (Top Level)"}],testimonials:[],topic:[],metainfo:{browser_title:"FOR577: Linux Incident Response & Threat Hunting | SANS Institute",meta_description:"FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat-hunting techniques to find even the stealthiest attacker.",social_image:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf9dc0da8d0b3a77a/65f857e996251b7c0971ff1e/FOR577_Curriculum_Course_Social_Cards_DFIR-Final-Keyobard-Generic.jpg"},label:[{uid:"blt9f3bc507f34df7c8",display_title:"New",title:"New",slug:"new",color:"Yellow",order:1}],title:tr,url:"/linux-threat-hunting-incident-response",catalog:R,slug:"linux-threat-hunting-incident-response",giac:P,giac_logo:P,giac_cert_name:P,giac_description:P,giac_type:P,giac_url:P,giac_areas_covered:P,has_cyber_guardian:a,dod:"0",has_giac:a,has_sti:a,icon:e,intro:Ji,notice_box:e,course_specifics:[{uid:"blt6f576d75de14c40b",ACL:{},author_statement:a0,course_brochure:{is_dir:a,uid:"bltc0b4fe7e481696e2",ACL:{},content_type:"application/pdf",description:e,file_size:"124110",filename:o0,parent_uid:"bltcbf36a9b50cf15b8",tags:[],title:o0,url:Bi},intro:Ji,labs:e,laptop_requirements:'<h5>Important - Bring Your System Configured Using These Directions</h5><p>A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.</p><p>As a summary, you can use any operating system that also can install and run VMware virtualization products. <strong>Please note, macOS computers with M1/M2/M3 chips are not currently supported and cannot run the virtual machines provided for this course.</strong></p><p>Please download and install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/fusion.html" target="_blank">VMware Fusion 7</a> or higher versions on your system before the start of the class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.</p><p>This is common sense, but we will say it anyway: Back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.</p><h5>Mandatory FOR577 System Hardware Requirements:</h5><ul><li>CPU: 64-bit Intel i5/i7 x64 2.0+ GHz (4th generation or above) processor or higher-based system is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)</li><li><strong>CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.</strong></li><li>BIOS settings must be set to enable virtualization technology, such as "Intel-VT." Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.</li><li>16 GB of RAM or more is required.</li><li>350GB of free storage space or more is required.</li><li><span></span>At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.</li><li><span>Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>PLEASE NOTE: Do NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide a custom FOR577 version specifically configured for training on Day 1 of the course.</span></li></ul><h5>Mandatory FOR577 System Software Requirements (Please install the following before the beginning of the class):</h5><ol><li>Install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Fusion 7</a> (or a higher version)</li><li>Download and install <a href="https://7-zip.org/" target="_blank">7Zip</a> on your host.</li></ol><p><strong>Additional notes:</strong></p><ul><li>Your course media is delivered via download from the SANS "Course Material Downloads" page. The media files for class will be large, in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speeds vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.</li><li>SANS has begun providing printed materials in PDF form. This course uses an electronic workbook in addition to the PDFs. We have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.</li><li>Bring/install any other forensic tool you feel could be useful (EnCase, FTK, etc.). For the final challenge at the end of the course, you can utilize any forensic tool, including commercial capabilities. If you have any dongles, licensed software, you are free to use them.</li><li>Again, DO NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide you with a version specifically configured for the FOR577 materials on Day 1 of the course.</li></ul><p>If you have additional questions about the laptop specifications, please contact <a href="https://www.sans.org/about/contact/" target="_self">customer service</a>.</p>',notice_box:e,overview:Yi,overview_tipdowns:[],prerequisites:zi,pricing_intro:e,show_unused_fields:a,syllabus:[{section_name:t0,_metadata:{uid:"csc26cc4a2f1678f06"},cpe_credits:6,section_overview:"<p>Incident responders and threat hunters should be armed with the latest tools, techniques, and processes (TTPs) to identify, track, and contain advanced adversaries and to remediate incidents. It is important that our DFIR knowledge includes our own TTPs and those used by our adversaries. Section 1 introduces the fundamentals of incident response and then looks at the specific needs to carry out our duties in a Linux environment. The section starts by examining the reasons why we need incident response and presents SANS' six-step incident response methodology as it applies to an enterprise's response to a targeted attack. </p><p>This section will also introduce the Stark Skunkworks intrusion scenario, which sets the stage for our lab exercises and capstone challenge. This is followed by looking at how, as incident responders, we can use the Linux command line to our advantage and analyze common activity such as installing specific software packages. </p><p>We finish the section by looking at the importance of developing cyber threat intelligence to impact the adversaries' kill chain. We'll demonstrate forensic live response techniques and tactics that can be applied both to single systems and across the entire enterprise. </p>",section_exercises:"<ul><li>SIFT Workstation orientation</li><li>Situational awareness in incident response: Understanding Stark Skunkworks</li><li>Introduction to Linux commands and how to use them in Digital Forensics and Incident Response (DFIR)</li><li>Reviewing package management evidence</li><li>Threat intelligence and threat hunting</li></ul>",section_topics:'<ul><li>Why Incident Response Is Needed<ul><li>Who are our adversaries?</li><li><span>The current state of Linux intrusions</span></li></ul></li><li>The Incident Response Process<ul><li><span>Preparation: Key tools, techniques, and procedures that an incident response team needs to respond properly to intrusions</span></li><li><span>Identification/Scoping: Proper scoping of an incident and detecting all compromised systems in the enterprise</span></li><li><span>Containment/Intelligence Development: Restricting access, monitoring, and learning about the adversary in order to develop threat intelligence</span></li><li><span>Eradication/Remediation: Determining and executing key steps that must be taken to help stop the current incident and then move to real-time remediation</span></li><li><span>Recovery: Recording the threat intelligence to be used in the event of a similar adversary returning to the enterprise</span></li><li><span>Avoiding "Whack-A-Mole" Incident Response: Going beyond immediate eradication without proper incident scoping/containment</span></li></ul></li><li>SRL Skunkworks<ul><li><span>Introduction to the course scenario</span></li><li><span>Client background</span></li></ul></li><li>Introduction to Linux<ul><li><span>Linux basics</span></li><li><span>DFIR challenges</span></li><li><span>The distro problem</span></li><li><span>Linux terminal basics</span></li></ul></li><li>Package Management<ul><li><span>Distro differences</span></li><li><span>Package management tool differences</span></li><li><span>Manual analysis</span></li></ul></li><li>Threat Intelligence and Host-based Threat Hunting<ul><li><span>Hunting vs. reactive response</span></li><li><span>Intelligence-driven incident response</span></li><li><span>Building a continuous incident response/threat hunting capability</span></li><li><span>Forensic analysis versus threat hunting across endpoints</span></li><li><span>Threat hunt team roles</span></li></ul></li></ul>'},{section_name:n0,_metadata:{uid:"cs3324e2ba55c595f4"},cpe_credits:6,section_overview:'<p align="left">Disk evidence collection and analysis skills are crucial for incident responders, forensic investigators, and threat hunters because they allow for identifying the source and scope of a security breach. Digital forensic experts need to collect and preserve data from disk storage devices such as hard drives, solid-state drives, and USB drives in order to determine how an attack occurred, what data was accessed or stolen, and who was responsible. Without this critical evidence, it is challenging to reconstruct the events leading up to the breach and determine the necessary steps to prevent similar incidents from happening in the future.</p><p align="left">Moreover, disk analysis skills help responders and investigators identify the type of malware or malicious code used in the attack. This information is essential to determine the tactics, techniques, and procedures used by the attackers and their motivations. By analyzing the data stored on disks, responders and investigators can identify suspicious files, unusual network traffic patterns, and other indicators of compromise. They can then use this information to develop countermeasures to mitigate the risk of further attacks.</p><p align="left">Fundamentally, the ability to collect evidence from disks is critical for DFIR because most digital evidence is stored on disk storage devices, making the devices an essential source of information for responders, investigators, and threat hunters. Even if you just need to collect log data, being able to collect it from a disk image opens up opportunities for a broad range of incident response solutions. In addition, disk storage devices often hold deleted files and other remnants of past activities, which can provide valuable clues to the sequence of events leading up to an incident.</p><p></p>',section_exercises:"<ul><li>Introduction to the Sleuth Kit </li><li>Reviewing filesystem data </li><li>Disk evidence collection</li><li>Reviewing operating system filesystems</li></ul>",section_topics:"<ul><li>The Sleuth Kit<ul><li><span>Introduction and the layers model</span></li><li><span>Filesystem layer tools</span></li><li><span>Filename layer tools</span></li><li><span>Metadata layer tools</span></li><li><span>Data units layer tools</span></li><li>Application layer tools</li></ul></li></ul><ul><li>Linux File Systems<ul><li>Overview</li><li>Basic structures - superblocks and inodes</li><li><span>Ext family</span></li><li><span>XFS family</span></li><li><span>Manually extracting data</span></li></ul></li><li>Disk Evidence Collection<ul><li><span>Physical vs. virtual systems</span></li><li>dd</li><li><span>dcfldd</span></li><li><span>dc3dd</span></li><li><span>Ewfacquire</span></li></ul></li><li>Image Mounting<ul><li><span>RAW/Simple files</span></li><li><span>E01 format evidence files</span></li><li><span>Complex files</span></li></ul></li><li>Operating System File Structures<ul><li><span>File system hierarchy</span></li><li><span>Boot file locations</span></li><li><span>Binary file locations</span></li><li><span>Configuration file locations</span></li><li><span>Devices and driver file locations</span></li><li><span>Shared libraries</span></li><li><span>User profiles</span></li><li><span>Optionally installed files</span></li><li><span>Temporary file locations</span></li><li><span>Runtime data</span></li></ul></li><li>File System Artifacts<ul><li><span>Hunting tips</span></li><li><span>Areas to investigate</span></li></ul></li></ul>"},{section_name:s0,_metadata:{uid:"csfb6e6001aec63247"},cpe_credits:6,section_overview:"<p>Section 3 looks at how to use the data logged by the operating system to profile the device and analyze boot sequences, kernel activity, logins and user events. The section covers default log data, Auditd (although this isn't enabled by default on all Linux distros, you should definitely consider turning it on) and the Operating System Journal. </p><p>Log data is a fundamental evidence source for incident response and threat hunting. It allows investigators to understand what happened and when it happened. Using built-in capabilities, we can peel back the actions of our adversaries and, with well-configured logging, make it almost impossible for an attacker to completely hide from our investigation. Unfortunately, Linux logging can be significantly different from what we are used to -- especially if we have come from a Windows DFIR background. Significant issues faced by investigators include the different ways Linux distro's log data and a mix between UTC and local timestamps. This section will look at strategies you can implement to manage and mitigate these issues.</p>",section_exercises:"<ul><li>System and log profiling</li><li>Reviewing system logs</li><li>Analyzing authentication logs</li><li>Reviewing webserver logs</li><li>Reviewing database logs</li><li>AuditD logs the Journal</li></ul>",section_topics:"<ul><li>Device Profiling<ul><li><p>Evidence management</p></li><li><span>Confirm the device</span></li><li><span>Check time zones</span></li><li><span>Validate the distro</span></li></ul></li></ul><ul><li>Linux Logs<ul><li><span>Linux logging basics</span></li><li><span>Log analysis strategies</span></li><li><span>Syslog and Logrotate</span></li><li><span>Global system logs -- logging the kernel, boot processes, system messages and background services</span></li><li><span>Authentication logs -- authentication, privilege use, binary and plain text log formats</span></li><li><span>Application logs -- webservers, databases, filesharing and firewall logs</span></li></ul></li><li><p>Auditd</p><ul><li><span>Introduction</span></li><li><span>Log file format</span></li><li><span>Analysis techniques</span></li></ul></li></ul><ul><li>The Operating System Journal<ul><li><span>Introduction</span></li><li><span>How the journal works</span></li><li><span>What gets logged</span></li><li><span>Analysis techniques</span></li></ul></li></ul>"},{section_name:r0,_metadata:{uid:"csd564325e54ad98d3"},cpe_credits:6,section_overview:'<p align="left">Section 4 expands on the knowledge we have built so far and introduces tools and techniques to respond to intrusions in larger enterprises. The section starts by looking at how to scale your response and some of the tools that can assist with this. This topic is then developed further as we move into Endpoint Detection and Response (EDR) solutions for the Linux environment and introduce two alternatives to expensive commercial EDR tools -- OSSEC and Velociraptor. We\'ll cover how to configure and deploy both tools, enabling you to make sure that all your Linux devices have good quality monitoring and response capabilities.</p><p align="left">Finally, this section looks at Linux memory structures and how to collect volatile data for analysis. Given that this can be a complex process, and that analytical tools today are still not what they should be, we also look at using live response techniques to view this data on a target system. This has the added benefit of being something we can leverage through EDR tools, reducing the time and bandwidth required to capture memory from systems where the installed RAM could be running in the hundreds of gigabytes.</p><p></p>',section_exercises:"<ul><li>EDR Tools</li><li>Capturing RAM</li><li>Live memory analysis</li></ul>",section_topics:"<ul><li>Enterprise Response<ul><li><span>Introduction</span></li><li><span>Problems and solutions</span></li><li><span>Tools to consider</span></li></ul></li><li>Endpoint Detection and Response (EDR)<ul><li><span>Introduction</span></li><li><span>Linux EDR issues</span></li><li><span>Alternatives to commercial EDR</span></li><li><span>OSSEC deployment and use</span></li><li><span>Velociraptor deployment and use</span></li></ul></li><li>Linux Memory and DFIR<ul><li><span>Why memory matters</span></li><li><span>Memory acquisition with AVML</span></li><li><span>Memory locations on the filesystem</span></li></ul></li><li>Live memory analysis<ul><li><span>Reviewing /proc</span></li><li><span>Live response workflow</span></li></ul></li></ul>"},{section_name:i0,_metadata:{uid:"cs61c2486f017eee76"},cpe_credits:6,section_overview:'<p align="left">This course section builds on the previous sections by looking at how we can use our increased knowledge to enhance our incident response work. We start by looking at triage, which is essential for any modern incident response, especially in large enterprises. We introduce the concept of rapidly assessing systems to make quick decisions about which devices need further investigation. This approach allows us to quickly work through large environments and focus our investigative efforts where they provide maximum value. We\'ll also look at freely available tools that help facilitate triage and improve response times.</p><p align="left">The section then moves to looking at timeline generation. Timelines are arguably an incident responder\'s superpower, allowing you to uncover some of the deepest secrets about an attack. We will look at two basic methods for building timelines and how to analyze them effectively.</p><p align="left">Once we understand the timelines, we will look at how attackers try to defeat them, then examine the most common anti-forensic techniques and how incident responders can minimize their impact on the investigation. We close the section with a broad discussion on how to make incident response in Linux better.</p><p></p>',section_exercises:"<ul><li>Running triage tools</li><li>Triage assessment</li><li>Filesystem timelines</li><li>Super timeline creation</li><li>Super timeline analysis</li></ul>",section_topics:"<ul><li>Triage and DFIR Tools<ul><li><span>Introduction and concepts</span></li><li><span>Workflow</span></li><li><span>Collecting the data</span></li><li><span>Open-source triage tools</span></li><li><span>CyLR</span></li><li><span>GRR</span></li><li><span>Velociraptor offline collectors</span></li><li><span>Dissect</span></li><li><span>Triage with UAC</span></li><li><span>Build your own triage scripts</span></li></ul></li><li>Timelines<ul><li><span>Introduction</span></li><li><span>Types of timelines</span></li><li><span>Filesystem timeline creation and analysis</span></li><li><span>Super-timeline creation and analysis</span></li><li><span>Targeted timeline creation</span></li></ul></li><li>Anti-Forensics<ul><li><span>What to look for</span></li><li><span>Timestamp manipulation</span></li><li><span>Recovering deleted files</span></li></ul></li><li>Improving Incident Response<ul><li><span>Workflows</span></li><li><span>Hardening the environment</span></li></ul></li></ul>"},{section_name:l0,_metadata:{uid:"cs560140f03b8f9c52"},cpe_credits:6,section_overview:"<p>This incredibly rich and realistic Intrusion Forensic Challenge is based on a real-world advanced persistent threat (APT) group. It brings together techniques learned throughout the course and tests your newly acquired skills in a case that simulates an attack by an advanced adversary. The challenge is based on a real intrusion into a Linux enterprise environment. You will be asked to uncover how the systems were compromised in the initial intrusion, find other systems the adversary moved to laterally, and identify intellectual property stolen via data exfiltration. This capstone exercise will enable you to leave the course with hands-on experience investigating realistic attacks, curated by a cadre of instructors with decades of experience fighting advanced threats from attackers ranging from nation-states to financial crime syndicates and hactivist groups.</p>",section_exercises:e,section_topics:'<ul><li>Work in incident response teams to analyze multiple systems in an enterprise network</li><li>Learn to identify and track attacker actions across a multi-device environment finding initial exploitation, reconnaissance, persistence, privilege escalation, lateral movement, and data theft/exfiltration</li><li>Witness and participate in a team-based approach to incident response</li><li>Discover evidence of some of the most common and sophisticated attacks in the wild, including custom nation-state malware.</li><li>Each team will be asked to answer key questions, just as they would during a real breach in their organizations, in critical areas outlined below:</li></ul><h6>Identification and Scoping:</h6><ul><li>When did the APT group breach our network?</li><li>How did the attackers get into the environment?</li><li>What systems were compromised?</li><li>What accounts and privileges did the attackers attain on each system?</li><li>When and how did the attackers first laterally move to each system?</li></ul><h6>Containment and Threat Intelligence Gathering:</h6><ul><li>Once on other systems, what did the attackers look for on each system?</li><li>What data was exfiltrated and how? Determine what was stolen (recover any archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data) and perform damage assessments.</li><li>Collect and list all malware used in the attack.</li><li>Develop and present security intelligence or an indicator of compromise for the APT group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?</li></ul><h6>Remediation and Recovery:</h6><ul><li>What accounts need password changes? Did any malicious accounts get created?</li><li>Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?<ul><li><span>What systems need to be rebuilt?</span></li><li><span>What IP addresses need to be blocked?</span></li><li><span>What countermeasures should we deploy to slow or stop these attackers if they come back?</span></li><li><span>What recommendations would you make to detect these intruders in our network again?</span></li></ul></li></ul>'}],tags:[],teaser:c0,title:"FOR577_I01_01",who_should_attend:e0}],models:"MDS,OLT,CYBER",delivery_method_groups:"15,In Person,in_person,3|20,Live Online,live_online,2|25,OnDemand,ondemand,1",additional_training_formats:[],product_id:5715,has_demo:!0,brochure:Bi,description_id:4215,authors:[{uid:"bltfec3f8423a1d163e",first_name:"Tarot (Taz)",last_name:"Wake"}],elements:{ELEMENT_TYPES_AUTHOR_STATEMENT:a0,ELEMENT_TYPES_LAPTOP_DESCRIPTION:'<h5>Important - Bring Your System Configured Using These Directions</h5><p>A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.</p><p>As a summary, you can use any operating system that also can install and run VMware virtualization products. <strong>Please note, macOS computers with M1/M2/M3 chips are not currently supported and cannot run the virtual machines provided for this course.</strong></p><p>Please download and install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/fusion.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> or higher versions on your system before the start of the class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.</p><p>This is common sense, but we will say it anyway: Back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.</p><h5>Mandatory FOR577 System Hardware Requirements:</h5><ul><li>CPU: 64-bit Intel i5/i7 x64 2.0+ GHz (4th generation or above) processor or higher-based system is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)</li><li><strong>CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.</strong></li><li>BIOS settings must be set to enable virtualization technology, such as "Intel-VT." Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.</li><li>16 GB of RAM or more is required.</li><li>350GB of free storage space or more is required.</li><li><span></span>At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.</li><li><span>Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>PLEASE NOTE: Do NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide a custom FOR577 version specifically configured for training on Day 1 of the course.</span></li></ul><h5>Mandatory FOR577 System Software Requirements (Please install the following before the beginning of the class):</h5><ol><li>Install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> (or a higher version)</li><li>Download and install <a href="https://7-zip.org/" target="_blank" rel="nofollow" class="external-link">7Zip</a> on your host.</li></ol><p><strong>Additional notes:</strong></p><ul><li>Your course media is delivered via download from the SANS "Course Material Downloads" page. The media files for class will be large, in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speeds vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.</li><li>SANS has begun providing printed materials in PDF form. This course uses an electronic workbook in addition to the PDFs. We have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.</li><li>Bring/install any other forensic tool you feel could be useful (EnCase, FTK, etc.). For the final challenge at the end of the course, you can utilize any forensic tool, including commercial capabilities. If you have any dongles, licensed software, you are free to use them.</li><li>Again, DO NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide you with a version specifically configured for the FOR577 materials on Day 1 of the course.</li></ul><p>If you have additional questions about the laptop specifications, please contact <a href="https://www.sans.org/about/contact/" target="_self">customer service</a>.</p>',ELEMENT_TYPES_OVERVIEW:Yi,ELEMENT_TYPES_PREREQUISITES:zi,ELEMENT_TYPES_TEASER:c0,ELEMENT_TYPES_WHO_SHOULD_ATTEND:e0},sections:[{order:1,course_id:1450,name:t0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:"<p>Incident responders and threat hunters should be armed with the latest tools, techniques, and processes (TTPs) to identify, track, and contain advanced adversaries and to remediate incidents. It is important that our DFIR knowledge includes our own TTPs and those used by our adversaries. Section 1 introduces the fundamentals of incident response and then looks at the specific needs to carry out our duties in a Linux environment. The section starts by examining the reasons why we need incident response and presents SANS' six-step incident response methodology as it applies to an enterprise's response to a targeted attack. </p><p>This section will also introduce the Stark Skunkworks intrusion scenario, which sets the stage for our lab exercises and capstone challenge. This is followed by looking at how, as incident responders, we can use the Linux command line to our advantage and analyze common activity such as installing specific software packages. </p><p>We finish the section by looking at the importance of developing cyber threat intelligence to impact the adversaries' kill chain. We'll demonstrate forensic live response techniques and tactics that can be applied both to single systems and across the entire enterprise. </p>",ELEMENT_TYPES_EXERCISES:"<ul><li>SIFT Workstation orientation</li><li>Situational awareness in incident response: Understanding Stark Skunkworks</li><li>Introduction to Linux commands and how to use them in Digital Forensics and Incident Response (DFIR)</li><li>Reviewing package management evidence</li><li>Threat intelligence and threat hunting</li></ul>",ELEMENT_TYPES_SECTION_TOPICS:'<ul><li>Why Incident Response Is Needed<ul><li>Who are our adversaries?</li><li><span>The current state of Linux intrusions</span></li></ul></li><li>The Incident Response Process<ul><li><span>Preparation: Key tools, techniques, and procedures that an incident response team needs to respond properly to intrusions</span></li><li><span>Identification/Scoping: Proper scoping of an incident and detecting all compromised systems in the enterprise</span></li><li><span>Containment/Intelligence Development: Restricting access, monitoring, and learning about the adversary in order to develop threat intelligence</span></li><li><span>Eradication/Remediation: Determining and executing key steps that must be taken to help stop the current incident and then move to real-time remediation</span></li><li><span>Recovery: Recording the threat intelligence to be used in the event of a similar adversary returning to the enterprise</span></li><li><span>Avoiding "Whack-A-Mole" Incident Response: Going beyond immediate eradication without proper incident scoping/containment</span></li></ul></li><li>SRL Skunkworks<ul><li><span>Introduction to the course scenario</span></li><li><span>Client background</span></li></ul></li><li>Introduction to Linux<ul><li><span>Linux basics</span></li><li><span>DFIR challenges</span></li><li><span>The distro problem</span></li><li><span>Linux terminal basics</span></li></ul></li><li>Package Management<ul><li><span>Distro differences</span></li><li><span>Package management tool differences</span></li><li><span>Manual analysis</span></li></ul></li><li>Threat Intelligence and Host-based Threat Hunting<ul><li><span>Hunting vs. reactive response</span></li><li><span>Intelligence-driven incident response</span></li><li><span>Building a continuous incident response/threat hunting capability</span></li><li><span>Forensic analysis versus threat hunting across endpoints</span></li><li><span>Threat hunt team roles</span></li></ul></li></ul>'},{order:2,course_id:1450,name:n0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:'<p align="left">Disk evidence collection and analysis skills are crucial for incident responders, forensic investigators, and threat hunters because they allow for identifying the source and scope of a security breach. Digital forensic experts need to collect and preserve data from disk storage devices such as hard drives, solid-state drives, and USB drives in order to determine how an attack occurred, what data was accessed or stolen, and who was responsible. Without this critical evidence, it is challenging to reconstruct the events leading up to the breach and determine the necessary steps to prevent similar incidents from happening in the future.</p><p align="left">Moreover, disk analysis skills help responders and investigators identify the type of malware or malicious code used in the attack. This information is essential to determine the tactics, techniques, and procedures used by the attackers and their motivations. By analyzing the data stored on disks, responders and investigators can identify suspicious files, unusual network traffic patterns, and other indicators of compromise. They can then use this information to develop countermeasures to mitigate the risk of further attacks.</p><p align="left">Fundamentally, the ability to collect evidence from disks is critical for DFIR because most digital evidence is stored on disk storage devices, making the devices an essential source of information for responders, investigators, and threat hunters. Even if you just need to collect log data, being able to collect it from a disk image opens up opportunities for a broad range of incident response solutions. In addition, disk storage devices often hold deleted files and other remnants of past activities, which can provide valuable clues to the sequence of events leading up to an incident.</p><p></p>',ELEMENT_TYPES_EXERCISES:"<ul><li>Introduction to the Sleuth Kit </li><li>Reviewing filesystem data </li><li>Disk evidence collection</li><li>Reviewing operating system filesystems</li></ul>",ELEMENT_TYPES_SECTION_TOPICS:"<ul><li>The Sleuth Kit<ul><li><span>Introduction and the layers model</span></li><li><span>Filesystem layer tools</span></li><li><span>Filename layer tools</span></li><li><span>Metadata layer tools</span></li><li><span>Data units layer tools</span></li><li>Application layer tools</li></ul></li></ul><ul><li>Linux File Systems<ul><li>Overview</li><li>Basic structures - superblocks and inodes</li><li><span>Ext family</span></li><li><span>XFS family</span></li><li><span>Manually extracting data</span></li></ul></li><li>Disk Evidence Collection<ul><li><span>Physical vs. virtual systems</span></li><li>dd</li><li><span>dcfldd</span></li><li><span>dc3dd</span></li><li><span>Ewfacquire</span></li></ul></li><li>Image Mounting<ul><li><span>RAW/Simple files</span></li><li><span>E01 format evidence files</span></li><li><span>Complex files</span></li></ul></li><li>Operating System File Structures<ul><li><span>File system hierarchy</span></li><li><span>Boot file locations</span></li><li><span>Binary file locations</span></li><li><span>Configuration file locations</span></li><li><span>Devices and driver file locations</span></li><li><span>Shared libraries</span></li><li><span>User profiles</span></li><li><span>Optionally installed files</span></li><li><span>Temporary file locations</span></li><li><span>Runtime data</span></li></ul></li><li>File System Artifacts<ul><li><span>Hunting tips</span></li><li><span>Areas to investigate</span></li></ul></li></ul>"},{order:3,course_id:1450,name:s0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:"<p>Section 3 looks at how to use the data logged by the operating system to profile the device and analyze boot sequences, kernel activity, logins and user events. The section covers default log data, Auditd (although this isn't enabled by default on all Linux distros, you should definitely consider turning it on) and the Operating System Journal. </p><p>Log data is a fundamental evidence source for incident response and threat hunting. It allows investigators to understand what happened and when it happened. Using built-in capabilities, we can peel back the actions of our adversaries and, with well-configured logging, make it almost impossible for an attacker to completely hide from our investigation. Unfortunately, Linux logging can be significantly different from what we are used to -- especially if we have come from a Windows DFIR background. Significant issues faced by investigators include the different ways Linux distro's log data and a mix between UTC and local timestamps. This section will look at strategies you can implement to manage and mitigate these issues.</p>",ELEMENT_TYPES_EXERCISES:"<ul><li>System and log profiling</li><li>Reviewing system logs</li><li>Analyzing authentication logs</li><li>Reviewing webserver logs</li><li>Reviewing database logs</li><li>AuditD logs the Journal</li></ul>",ELEMENT_TYPES_SECTION_TOPICS:"<ul><li>Device Profiling<ul><li><p>Evidence management</p></li><li><span>Confirm the device</span></li><li><span>Check time zones</span></li><li><span>Validate the distro</span></li></ul></li></ul><ul><li>Linux Logs<ul><li><span>Linux logging basics</span></li><li><span>Log analysis strategies</span></li><li><span>Syslog and Logrotate</span></li><li><span>Global system logs -- logging the kernel, boot processes, system messages and background services</span></li><li><span>Authentication logs -- authentication, privilege use, binary and plain text log formats</span></li><li><span>Application logs -- webservers, databases, filesharing and firewall logs</span></li></ul></li><li><p>Auditd</p><ul><li><span>Introduction</span></li><li><span>Log file format</span></li><li><span>Analysis techniques</span></li></ul></li></ul><ul><li>The Operating System Journal<ul><li><span>Introduction</span></li><li><span>How the journal works</span></li><li><span>What gets logged</span></li><li><span>Analysis techniques</span></li></ul></li></ul>"},{order:4,course_id:1450,name:r0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:'<p align="left">Section 4 expands on the knowledge we have built so far and introduces tools and techniques to respond to intrusions in larger enterprises. The section starts by looking at how to scale your response and some of the tools that can assist with this. This topic is then developed further as we move into Endpoint Detection and Response (EDR) solutions for the Linux environment and introduce two alternatives to expensive commercial EDR tools -- OSSEC and Velociraptor. We\'ll cover how to configure and deploy both tools, enabling you to make sure that all your Linux devices have good quality monitoring and response capabilities.</p><p align="left">Finally, this section looks at Linux memory structures and how to collect volatile data for analysis. Given that this can be a complex process, and that analytical tools today are still not what they should be, we also look at using live response techniques to view this data on a target system. This has the added benefit of being something we can leverage through EDR tools, reducing the time and bandwidth required to capture memory from systems where the installed RAM could be running in the hundreds of gigabytes.</p><p></p>',ELEMENT_TYPES_EXERCISES:"<ul><li>EDR Tools</li><li>Capturing RAM</li><li>Live memory analysis</li></ul>",ELEMENT_TYPES_SECTION_TOPICS:"<ul><li>Enterprise Response<ul><li><span>Introduction</span></li><li><span>Problems and solutions</span></li><li><span>Tools to consider</span></li></ul></li><li>Endpoint Detection and Response (EDR)<ul><li><span>Introduction</span></li><li><span>Linux EDR issues</span></li><li><span>Alternatives to commercial EDR</span></li><li><span>OSSEC deployment and use</span></li><li><span>Velociraptor deployment and use</span></li></ul></li><li>Linux Memory and DFIR<ul><li><span>Why memory matters</span></li><li><span>Memory acquisition with AVML</span></li><li><span>Memory locations on the filesystem</span></li></ul></li><li>Live memory analysis<ul><li><span>Reviewing /proc</span></li><li><span>Live response workflow</span></li></ul></li></ul>"},{order:5,course_id:1450,name:i0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:'<p align="left">This course section builds on the previous sections by looking at how we can use our increased knowledge to enhance our incident response work. We start by looking at triage, which is essential for any modern incident response, especially in large enterprises. We introduce the concept of rapidly assessing systems to make quick decisions about which devices need further investigation. This approach allows us to quickly work through large environments and focus our investigative efforts where they provide maximum value. We\'ll also look at freely available tools that help facilitate triage and improve response times.</p><p align="left">The section then moves to looking at timeline generation. Timelines are arguably an incident responder\'s superpower, allowing you to uncover some of the deepest secrets about an attack. We will look at two basic methods for building timelines and how to analyze them effectively.</p><p align="left">Once we understand the timelines, we will look at how attackers try to defeat them, then examine the most common anti-forensic techniques and how incident responders can minimize their impact on the investigation. We close the section with a broad discussion on how to make incident response in Linux better.</p><p></p>',ELEMENT_TYPES_EXERCISES:"<ul><li>Running triage tools</li><li>Triage assessment</li><li>Filesystem timelines</li><li>Super timeline creation</li><li>Super timeline analysis</li></ul>",ELEMENT_TYPES_SECTION_TOPICS:"<ul><li>Triage and DFIR Tools<ul><li><span>Introduction and concepts</span></li><li><span>Workflow</span></li><li><span>Collecting the data</span></li><li><span>Open-source triage tools</span></li><li><span>CyLR</span></li><li><span>GRR</span></li><li><span>Velociraptor offline collectors</span></li><li><span>Dissect</span></li><li><span>Triage with UAC</span></li><li><span>Build your own triage scripts</span></li></ul></li><li>Timelines<ul><li><span>Introduction</span></li><li><span>Types of timelines</span></li><li><span>Filesystem timeline creation and analysis</span></li><li><span>Super-timeline creation and analysis</span></li><li><span>Targeted timeline creation</span></li></ul></li><li>Anti-Forensics<ul><li><span>What to look for</span></li><li><span>Timestamp manipulation</span></li><li><span>Recovering deleted files</span></li></ul></li><li>Improving Incident Response<ul><li><span>Workflows</span></li><li><span>Hardening the environment</span></li></ul></li></ul>"},{order:6,course_id:1450,name:l0,cpe_credits:"6.0",ELEMENT_TYPES_OVERVIEW:"<p>This incredibly rich and realistic Intrusion Forensic Challenge is based on a real-world advanced persistent threat (APT) group. It brings together techniques learned throughout the course and tests your newly acquired skills in a case that simulates an attack by an advanced adversary. The challenge is based on a real intrusion into a Linux enterprise environment. You will be asked to uncover how the systems were compromised in the initial intrusion, find other systems the adversary moved to laterally, and identify intellectual property stolen via data exfiltration. This capstone exercise will enable you to leave the course with hands-on experience investigating realistic attacks, curated by a cadre of instructors with decades of experience fighting advanced threats from attackers ranging from nation-states to financial crime syndicates and hactivist groups.</p>",ELEMENT_TYPES_EXERCISES:e,ELEMENT_TYPES_SECTION_TOPICS:'<ul><li>Work in incident response teams to analyze multiple systems in an enterprise network</li><li>Learn to identify and track attacker actions across a multi-device environment finding initial exploitation, reconnaissance, persistence, privilege escalation, lateral movement, and data theft/exfiltration</li><li>Witness and participate in a team-based approach to incident response</li><li>Discover evidence of some of the most common and sophisticated attacks in the wild, including custom nation-state malware.</li><li>Each team will be asked to answer key questions, just as they would during a real breach in their organizations, in critical areas outlined below:</li></ul><h6>Identification and Scoping:</h6><ul><li>When did the APT group breach our network?</li><li>How did the attackers get into the environment?</li><li>What systems were compromised?</li><li>What accounts and privileges did the attackers attain on each system?</li><li>When and how did the attackers first laterally move to each system?</li></ul><h6>Containment and Threat Intelligence Gathering:</h6><ul><li>Once on other systems, what did the attackers look for on each system?</li><li>What data was exfiltrated and how? Determine what was stolen (recover any archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data) and perform damage assessments.</li><li>Collect and list all malware used in the attack.</li><li>Develop and present security intelligence or an indicator of compromise for the APT group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?</li></ul><h6>Remediation and Recovery:</h6><ul><li>What accounts need password changes? Did any malicious accounts get created?</li><li>Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?<ul><li><span>What systems need to be rebuilt?</span></li><li><span>What IP addresses need to be blocked?</span></li><li><span>What countermeasures should we deploy to slow or stop these attackers if they come back?</span></li><li><span>What recommendations would you make to detect these intruders in our network again?</span></li></ul></li></ul>'}],button_overrides:{override_primary_button:a,override_secondary_button:a,primary_button:Ki,secondary_button:$i,overridePrimaryButton:a,overrideSecondaryButton:a},courseRuns:[{catalog_image:"Forensics",cert_initials:P,cert_name:P,city:e,conf_id:1032,continent:"NA",country:"US",course_id:1450,delivery_method:p,delivery_method_group:"Online Training",event_product_id:253575,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],is_long_course:1,linked_run:P,meeting_times:[],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8780.00",pricing_early_bird_2:"8780.00",public_giac_bundle:P,public_od_bundle:P,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:P,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:P,timezone_abbreviation:P,tz_name:"UTC",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uHt00000SRA6lIAH",productId:"01tHt000006iEm3IAE",sansProductId:"253575",gated:a,productCode:"FOR577-ONDEMAND-E253575P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2023-10-14T00:03:34.000Z",updatedAt:"2024-08-17T14:54:24.000Z",addons:{netWarsPrice:1775}},event_name:p,event_url:P,event_start_date:P,csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[],confId:1032,eventProductId:253575,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uHt00000SRA6lIAH",productId:"01tHt000006iEm3IAE",sansProductId:"253575",gated:a,productCode:"FOR577-ONDEMAND-E253575P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2023-10-14T00:03:34.000Z",updatedAt:"2024-08-17T14:54:24.000Z",addons:{netWarsPrice:1775}},trainingFormats:["ondemand"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Amsterdam",conf_id:80905,continent:"EU",country:"NL",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:257245,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:83670,override_event_product_id:264195,override_icon:e,override_in_language:e,override_instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2024-12-16",end:"2024-12-16T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-16T07:30:00+00:00"},{date:"2024-12-17",end:"2024-12-17T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-17T08:00:00+00:00"},{date:"2024-12-18",end:"2024-12-18T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-18T08:00:00+00:00"},{date:"2024-12-19",end:"2024-12-19T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-19T08:00:00+00:00"},{date:"2024-12-20",end:"2024-12-20T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-20T08:00:00+00:00"},{date:"2024-12-21",end:"2024-12-21T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-21T08:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000001yasZYAQ",productId:"01tUI000002thYTYAY",sansProductId:"264195",gated:a,productCode:"FOR577-LIVEONLINE-83670-E264195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-03-21T16:33:37.000Z",updatedAt:"2024-08-17T14:53:56.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},pricing:8230},meeting_times:[{date:"2024-12-16",end:"2024-12-16T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-16T07:30:00+00:00"},{date:"2024-12-17",end:"2024-12-17T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-17T08:00:00+00:00"},{date:"2024-12-18",end:"2024-12-18T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-18T08:00:00+00:00"},{date:"2024-12-19",end:"2024-12-19T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-19T08:00:00+00:00"},{date:"2024-12-20",end:"2024-12-20T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-20T08:00:00+00:00"},{date:"2024-12-21",end:"2024-12-21T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-21T08:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8230,pricing_early_bird:"7745.00",pricing_early_bird_2:"7745.00",public_giac_bundle:P,public_od_bundle:905,region:"EMEA",region_id:14,release_date:P,slug:"linux-threat-hunting-incident-response",state:e,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"Central European Time",timezone_abbreviation:"CET",tz_name:"Europe/Brussels",salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000001yartYAA",productId:"01tUI000002thY8YAI",sansProductId:"257245",gated:a,productCode:"FOR577-AMSTERDAM-DECEMBER-2024-E257245P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-03-21T16:33:37.000Z",updatedAt:"2024-08-17T14:53:56.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},event_name:"SANS Amsterdam December 2024",event_url:"/amsterdam-december-2024",event_start_date:"2024-12-16 00:00:00",removal_time_utc:"2024-12-21 23:00:00",csRegion:{region:"emea",subRegion:"mainland-europe"},childRuns:[{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2024-12-16",end:"2024-12-16T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-16T07:30:00+00:00"},{date:"2024-12-17",end:"2024-12-17T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-17T08:00:00+00:00"},{date:"2024-12-18",end:"2024-12-18T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-18T08:00:00+00:00"},{date:"2024-12-19",end:"2024-12-19T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-19T08:00:00+00:00"},{date:"2024-12-20",end:"2024-12-20T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-20T08:00:00+00:00"},{date:"2024-12-21",end:"2024-12-21T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-21T08:00:00+00:00"}],confId:80905,eventProductId:257245,icon:e,in_language:e,salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000001yartYAA",productId:"01tUI000002thY8YAI",sansProductId:"257245",gated:a,productCode:"FOR577-AMSTERDAM-DECEMBER-2024-E257245P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-03-21T16:33:37.000Z",updatedAt:"2024-08-17T14:53:56.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2024-12-16T16:00:00.000Z",start:"2024-12-16T07:30:00.000Z"},{end:"2024-12-17T16:00:00.000Z",start:"2024-12-17T08:00:00.000Z"},{end:"2024-12-18T16:00:00.000Z",start:"2024-12-18T08:00:00.000Z"},{end:"2024-12-19T16:00:00.000Z",start:"2024-12-19T08:00:00.000Z"},{end:"2024-12-20T16:00:00.000Z",start:"2024-12-20T08:00:00.000Z"},{end:"2024-12-21T16:00:00.000Z",start:"2024-12-21T08:00:00.000Z"}],earliest:"2024-12-16T07:30:00.000Z",latest:"2024-12-21T16:00:00.000Z"},event_start:"2024-12-16T07:30:00.000Z",event_end:"2024-12-21T16:00:00.000Z",timezone:"GMT",times:"Starts 16 Dec 2024 at 7:30 AM GMT (6 days)",meetings:["16 Dec 2024: 7:30 AM to 4:00 PM GMT","17 Dec 2024: 8:00 AM to 4:00 PM GMT","18 Dec 2024: 8:00 AM to 4:00 PM GMT","19 Dec 2024: 8:00 AM to 4:00 PM GMT","20 Dec 2024: 8:00 AM to 4:00 PM GMT","21 Dec 2024: 8:00 AM to 4:00 PM GMT"]},{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2024-12-16",end:"2024-12-16T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-16T07:30:00+00:00"},{date:"2024-12-17",end:"2024-12-17T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-17T08:00:00+00:00"},{date:"2024-12-18",end:"2024-12-18T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-18T08:00:00+00:00"},{date:"2024-12-19",end:"2024-12-19T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-19T08:00:00+00:00"},{date:"2024-12-20",end:"2024-12-20T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-20T08:00:00+00:00"},{date:"2024-12-21",end:"2024-12-21T16:00:00+00:00",pm_end:e,pm_start:e,start:"2024-12-21T08:00:00+00:00"}],confId:83670,eventProductId:264195,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000001yasZYAQ",productId:"01tUI000002thYTYAY",sansProductId:"264195",gated:a,productCode:"FOR577-LIVEONLINE-83670-E264195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-03-21T16:33:37.000Z",updatedAt:"2024-08-17T14:53:56.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},meetingInfo:{times:[{end:"2024-12-16T16:00:00.000Z",start:"2024-12-16T07:30:00.000Z"},{end:"2024-12-17T16:00:00.000Z",start:"2024-12-17T08:00:00.000Z"},{end:"2024-12-18T16:00:00.000Z",start:"2024-12-18T08:00:00.000Z"},{end:"2024-12-19T16:00:00.000Z",start:"2024-12-19T08:00:00.000Z"},{end:"2024-12-20T16:00:00.000Z",start:"2024-12-20T08:00:00.000Z"},{end:"2024-12-21T16:00:00.000Z",start:"2024-12-21T08:00:00.000Z"}],earliest:"2024-12-16T07:30:00.000Z",latest:"2024-12-21T16:00:00.000Z"},event_start:"2024-12-16T07:30:00.000Z",event_end:"2024-12-21T16:00:00.000Z",timezone:"GMT",times:"Starts 16 Dec 2024 at 7:30 AM GMT (6 days)",meetings:["16 Dec 2024: 7:30 AM to 4:00 PM GMT","17 Dec 2024: 8:00 AM to 4:00 PM GMT","18 Dec 2024: 8:00 AM to 4:00 PM GMT","19 Dec 2024: 8:00 AM to 4:00 PM GMT","20 Dec 2024: 8:00 AM to 4:00 PM GMT","21 Dec 2024: 8:00 AM to 4:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"London",conf_id:84590,continent:"EU",country:"GB",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:268190,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:84770,override_event_product_id:268315,override_icon:e,override_in_language:e,override_instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-01-13",end:"2025-01-13T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-13T08:30:00+00:00"},{date:"2025-01-14",end:"2025-01-14T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-14T09:00:00+00:00"},{date:"2025-01-15",end:"2025-01-15T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-15T09:00:00+00:00"},{date:"2025-01-16",end:"2025-01-16T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-16T09:00:00+00:00"},{date:"2025-01-17",end:"2025-01-17T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-17T09:00:00+00:00"},{date:"2025-01-18",end:"2025-01-18T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-18T09:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000003HgT9YAK",productId:"01tUI0000040yF6YAI",sansProductId:"268315",gated:a,productCode:"FOR577-LIVEONLINE-84770-E268315P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-04T15:33:39.000Z",updatedAt:"2024-08-28T21:03:43.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},pricing:7160},meeting_times:[{date:"2025-01-13",end:"2025-01-13T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-13T08:30:00+00:00"},{date:"2025-01-14",end:"2025-01-14T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-14T09:00:00+00:00"},{date:"2025-01-15",end:"2025-01-15T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-15T09:00:00+00:00"},{date:"2025-01-16",end:"2025-01-16T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-16T09:00:00+00:00"},{date:"2025-01-17",end:"2025-01-17T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-17T09:00:00+00:00"},{date:"2025-01-18",end:"2025-01-18T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-18T09:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:7160,pricing_early_bird:"6910.00",pricing_early_bird_2:"6910.00",public_giac_bundle:P,public_od_bundle:775,region:"EMEA",region_id:14,release_date:P,slug:"linux-threat-hunting-incident-response",state:e,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"Greenwich Mean Time",timezone_abbreviation:"GMT",tz_name:"Etc/GMT",salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000003HcCNYA0",productId:"01tUI0000040wbMYAQ",sansProductId:"268190",gated:a,productCode:"FOR577-LONDON-JANUARY-2025-E268190P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-04T15:03:49.000Z",updatedAt:"2024-08-28T21:03:43.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},event_name:"SANS London January 2025",event_url:"/london-january-2025",event_start_date:"2025-01-13 00:00:00",removal_time_utc:"2025-01-19 00:00:00",csRegion:{region:"emea",subRegion:"united-kingdom-and-ireland"},childRuns:[{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2025-01-13",end:"2025-01-13T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-13T08:30:00+00:00"},{date:"2025-01-14",end:"2025-01-14T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-14T09:00:00+00:00"},{date:"2025-01-15",end:"2025-01-15T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-15T09:00:00+00:00"},{date:"2025-01-16",end:"2025-01-16T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-16T09:00:00+00:00"},{date:"2025-01-17",end:"2025-01-17T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-17T09:00:00+00:00"},{date:"2025-01-18",end:"2025-01-18T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-18T09:00:00+00:00"}],confId:84590,eventProductId:268190,icon:e,in_language:e,salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000003HcCNYA0",productId:"01tUI0000040wbMYAQ",sansProductId:"268190",gated:a,productCode:"FOR577-LONDON-JANUARY-2025-E268190P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-04T15:03:49.000Z",updatedAt:"2024-08-28T21:03:43.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-01-13T17:00:00.000Z",start:"2025-01-13T08:30:00.000Z"},{end:"2025-01-14T17:00:00.000Z",start:"2025-01-14T09:00:00.000Z"},{end:"2025-01-15T17:00:00.000Z",start:"2025-01-15T09:00:00.000Z"},{end:"2025-01-16T17:00:00.000Z",start:"2025-01-16T09:00:00.000Z"},{end:"2025-01-17T17:00:00.000Z",start:"2025-01-17T09:00:00.000Z"},{end:"2025-01-18T17:00:00.000Z",start:"2025-01-18T09:00:00.000Z"}],earliest:"2025-01-13T08:30:00.000Z",latest:"2025-01-18T17:00:00.000Z"},event_start:"2025-01-13T08:30:00.000Z",event_end:"2025-01-18T17:00:00.000Z",timezone:"GMT",times:"Starts 13 Jan 2025 at 8:30 AM GMT (6 days)",meetings:["13 Jan 2025: 8:30 AM to 5:00 PM GMT","14 Jan 2025: 9:00 AM to 5:00 PM GMT","15 Jan 2025: 9:00 AM to 5:00 PM GMT","16 Jan 2025: 9:00 AM to 5:00 PM GMT","17 Jan 2025: 9:00 AM to 5:00 PM GMT","18 Jan 2025: 9:00 AM to 5:00 PM GMT"]},{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2025-01-13",end:"2025-01-13T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-13T08:30:00+00:00"},{date:"2025-01-14",end:"2025-01-14T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-14T09:00:00+00:00"},{date:"2025-01-15",end:"2025-01-15T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-15T09:00:00+00:00"},{date:"2025-01-16",end:"2025-01-16T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-16T09:00:00+00:00"},{date:"2025-01-17",end:"2025-01-17T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-17T09:00:00+00:00"},{date:"2025-01-18",end:"2025-01-18T17:00:00+00:00",pm_end:e,pm_start:e,start:"2025-01-18T09:00:00+00:00"}],confId:84770,eventProductId:268315,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000003HgT9YAK",productId:"01tUI0000040yF6YAI",sansProductId:"268315",gated:a,productCode:"FOR577-LIVEONLINE-84770-E268315P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-04T15:33:39.000Z",updatedAt:"2024-08-28T21:03:43.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},meetingInfo:{times:[{end:"2025-01-13T17:00:00.000Z",start:"2025-01-13T08:30:00.000Z"},{end:"2025-01-14T17:00:00.000Z",start:"2025-01-14T09:00:00.000Z"},{end:"2025-01-15T17:00:00.000Z",start:"2025-01-15T09:00:00.000Z"},{end:"2025-01-16T17:00:00.000Z",start:"2025-01-16T09:00:00.000Z"},{end:"2025-01-17T17:00:00.000Z",start:"2025-01-17T09:00:00.000Z"},{end:"2025-01-18T17:00:00.000Z",start:"2025-01-18T09:00:00.000Z"}],earliest:"2025-01-13T08:30:00.000Z",latest:"2025-01-18T17:00:00.000Z"},event_start:"2025-01-13T08:30:00.000Z",event_end:"2025-01-18T17:00:00.000Z",timezone:"GMT",times:"Starts 13 Jan 2025 at 8:30 AM GMT (6 days)",meetings:["13 Jan 2025: 8:30 AM to 5:00 PM GMT","14 Jan 2025: 9:00 AM to 5:00 PM GMT","15 Jan 2025: 9:00 AM to 5:00 PM GMT","16 Jan 2025: 9:00 AM to 5:00 PM GMT","17 Jan 2025: 9:00 AM to 5:00 PM GMT","18 Jan 2025: 9:00 AM to 5:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Baltimore",conf_id:83915,continent:"NA",country:"US",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:264615,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[{first_name:"Jim",last_name:"Clausing",slug:"jim-clausing"}],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:83920,override_event_product_id:264855,override_icon:e,override_in_language:e,override_instructors:[{first_name:"Jim",last_name:"Clausing",slug:"jim-clausing"}],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-03-03",end:"2025-03-03T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-03T13:30:00+00:00"},{date:"2025-03-04",end:"2025-03-04T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-04T14:00:00+00:00"},{date:"2025-03-05",end:"2025-03-05T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-05T14:00:00+00:00"},{date:"2025-03-06",end:"2025-03-06T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-06T14:00:00+00:00"},{date:"2025-03-07",end:"2025-03-07T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-07T14:00:00+00:00"},{date:"2025-03-08",end:"2025-03-08T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-08T14:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002AaWLYA0",productId:"01tUI0000033H1JYAU",sansProductId:"264855",gated:a,productCode:"FOR577-LIVEONLINE-83920-E264855P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-02T17:33:38.000Z",updatedAt:"2024-10-28T22:33:47.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8780},meeting_times:[{date:"2025-03-03",end:"2025-03-03T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-03T13:30:00+00:00"},{date:"2025-03-04",end:"2025-03-04T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-04T14:00:00+00:00"},{date:"2025-03-05",end:"2025-03-05T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-05T14:00:00+00:00"},{date:"2025-03-06",end:"2025-03-06T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-06T14:00:00+00:00"},{date:"2025-03-07",end:"2025-03-07T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-07T14:00:00+00:00"},{date:"2025-03-08",end:"2025-03-08T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-08T14:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8125.00",pricing_early_bird_2:"8325.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"MD",summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"US Eastern",timezone_abbreviation:"ET",tz_name:"US/Eastern",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002AXDVYA4",productId:"01tUI0000033FSXYA2",sansProductId:"264615",gated:a,productCode:"FOR577-SECURITY-EAST-2025-E264615P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-02T17:03:37.000Z",updatedAt:"2024-10-28T22:33:47.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"Cyber Security Training at SANS Security East Baltimore 2025",event_url:"/security-east-2025",event_start_date:"2025-03-03 00:00:00",removal_time_utc:"2025-03-09 05:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Jim Clausing",url:"/profiles/jim-clausing"}],meetingTimes:[{date:"2025-03-03",end:"2025-03-03T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-03T13:30:00+00:00"},{date:"2025-03-04",end:"2025-03-04T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-04T14:00:00+00:00"},{date:"2025-03-05",end:"2025-03-05T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-05T14:00:00+00:00"},{date:"2025-03-06",end:"2025-03-06T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-06T14:00:00+00:00"},{date:"2025-03-07",end:"2025-03-07T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-07T14:00:00+00:00"},{date:"2025-03-08",end:"2025-03-08T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-08T14:00:00+00:00"}],confId:83915,eventProductId:264615,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002AXDVYA4",productId:"01tUI0000033FSXYA2",sansProductId:"264615",gated:a,productCode:"FOR577-SECURITY-EAST-2025-E264615P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-02T17:03:37.000Z",updatedAt:"2024-10-28T22:33:47.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-03-03T22:00:00.000Z",start:"2025-03-03T13:30:00.000Z"},{end:"2025-03-04T22:00:00.000Z",start:"2025-03-04T14:00:00.000Z"},{end:"2025-03-05T22:00:00.000Z",start:"2025-03-05T14:00:00.000Z"},{end:"2025-03-06T22:00:00.000Z",start:"2025-03-06T14:00:00.000Z"},{end:"2025-03-07T22:00:00.000Z",start:"2025-03-07T14:00:00.000Z"},{end:"2025-03-08T22:00:00.000Z",start:"2025-03-08T14:00:00.000Z"}],earliest:"2025-03-03T13:30:00.000Z",latest:"2025-03-08T22:00:00.000Z"},event_start:"2025-03-03T13:30:00.000Z",event_end:"2025-03-08T22:00:00.000Z",timezone:"GMT",times:"Starts 3 Mar 2025 at 1:30 PM GMT (6 days)",meetings:["3 Mar 2025: 1:30 PM to 10:00 PM GMT","4 Mar 2025: 2:00 PM to 10:00 PM GMT","5 Mar 2025: 2:00 PM to 10:00 PM GMT","6 Mar 2025: 2:00 PM to 10:00 PM GMT","7 Mar 2025: 2:00 PM to 10:00 PM GMT","8 Mar 2025: 2:00 PM to 10:00 PM GMT"]},{instructors:[{name:"Jim Clausing",url:"/profiles/jim-clausing"}],meetingTimes:[{date:"2025-03-03",end:"2025-03-03T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-03T13:30:00+00:00"},{date:"2025-03-04",end:"2025-03-04T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-04T14:00:00+00:00"},{date:"2025-03-05",end:"2025-03-05T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-05T14:00:00+00:00"},{date:"2025-03-06",end:"2025-03-06T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-06T14:00:00+00:00"},{date:"2025-03-07",end:"2025-03-07T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-07T14:00:00+00:00"},{date:"2025-03-08",end:"2025-03-08T22:00:00+00:00",pm_end:e,pm_start:e,start:"2025-03-08T14:00:00+00:00"}],confId:83920,eventProductId:264855,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002AaWLYA0",productId:"01tUI0000033H1JYAU",sansProductId:"264855",gated:a,productCode:"FOR577-LIVEONLINE-83920-E264855P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-02T17:33:38.000Z",updatedAt:"2024-10-28T22:33:47.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-03-03T22:00:00.000Z",start:"2025-03-03T13:30:00.000Z"},{end:"2025-03-04T22:00:00.000Z",start:"2025-03-04T14:00:00.000Z"},{end:"2025-03-05T22:00:00.000Z",start:"2025-03-05T14:00:00.000Z"},{end:"2025-03-06T22:00:00.000Z",start:"2025-03-06T14:00:00.000Z"},{end:"2025-03-07T22:00:00.000Z",start:"2025-03-07T14:00:00.000Z"},{end:"2025-03-08T22:00:00.000Z",start:"2025-03-08T14:00:00.000Z"}],earliest:"2025-03-03T13:30:00.000Z",latest:"2025-03-08T22:00:00.000Z"},event_start:"2025-03-03T13:30:00.000Z",event_end:"2025-03-08T22:00:00.000Z",timezone:"GMT",times:"Starts 3 Mar 2025 at 1:30 PM GMT (6 days)",meetings:["3 Mar 2025: 1:30 PM to 10:00 PM GMT","4 Mar 2025: 2:00 PM to 10:00 PM GMT","5 Mar 2025: 2:00 PM to 10:00 PM GMT","6 Mar 2025: 2:00 PM to 10:00 PM GMT","7 Mar 2025: 2:00 PM to 10:00 PM GMT","8 Mar 2025: 2:00 PM to 10:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Orlando",conf_id:83910,continent:"NA",country:"US",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:265045,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:84015,override_event_product_id:265470,override_icon:e,override_in_language:e,override_instructors:[{first_name:"Tarot",last_name:"Wake",slug:"tarot-wake"}],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-04-13",end:"2025-04-13T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-13T12:30:00+00:00"},{date:"2025-04-14",end:"2025-04-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-14T13:00:00+00:00"},{date:"2025-04-15",end:"2025-04-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-15T13:00:00+00:00"},{date:"2025-04-16",end:"2025-04-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-16T13:00:00+00:00"},{date:"2025-04-17",end:"2025-04-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-17T13:00:00+00:00"},{date:"2025-04-18",end:"2025-04-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-18T13:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002E9jRYAS",productId:"01tUI0000035W7nYAE",sansProductId:"265470",gated:a,productCode:"FOR577-LIVEONLINE-84015-E265470P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-05T02:03:45.000Z",updatedAt:"2024-10-21T17:03:48.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8780},meeting_times:[{date:"2025-04-13",end:"2025-04-13T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-13T12:30:00+00:00"},{date:"2025-04-14",end:"2025-04-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-14T13:00:00+00:00"},{date:"2025-04-15",end:"2025-04-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-15T13:00:00+00:00"},{date:"2025-04-16",end:"2025-04-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-16T13:00:00+00:00"},{date:"2025-04-17",end:"2025-04-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-17T13:00:00+00:00"},{date:"2025-04-18",end:"2025-04-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-18T13:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8380.00",pricing_early_bird_2:"8580.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"FL",summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"US Eastern",timezone_abbreviation:"ET",tz_name:"US/Eastern",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002E9YhYAK",productId:"01tUI0000035US2YAM",sansProductId:"265045",gated:a,productCode:"FOR577-SANS-2025-E265045P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-05T01:03:37.000Z",updatedAt:"2024-10-21T17:03:48.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"Cyber Security Training at SANS 2025",event_url:"/sans-2025",event_start_date:"2025-04-13 00:00:00",removal_time_utc:"2025-04-19 04:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2025-04-13",end:"2025-04-13T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-13T12:30:00+00:00"},{date:"2025-04-14",end:"2025-04-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-14T13:00:00+00:00"},{date:"2025-04-15",end:"2025-04-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-15T13:00:00+00:00"},{date:"2025-04-16",end:"2025-04-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-16T13:00:00+00:00"},{date:"2025-04-17",end:"2025-04-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-17T13:00:00+00:00"},{date:"2025-04-18",end:"2025-04-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-18T13:00:00+00:00"}],confId:83910,eventProductId:265045,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002E9YhYAK",productId:"01tUI0000035US2YAM",sansProductId:"265045",gated:a,productCode:"FOR577-SANS-2025-E265045P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-05T01:03:37.000Z",updatedAt:"2024-10-21T17:03:48.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-04-13T21:00:00.000Z",start:"2025-04-13T12:30:00.000Z"},{end:"2025-04-14T21:00:00.000Z",start:"2025-04-14T13:00:00.000Z"},{end:"2025-04-15T21:00:00.000Z",start:"2025-04-15T13:00:00.000Z"},{end:"2025-04-16T21:00:00.000Z",start:"2025-04-16T13:00:00.000Z"},{end:"2025-04-17T21:00:00.000Z",start:"2025-04-17T13:00:00.000Z"},{end:"2025-04-18T21:00:00.000Z",start:"2025-04-18T13:00:00.000Z"}],earliest:"2025-04-13T12:30:00.000Z",latest:"2025-04-18T21:00:00.000Z"},event_start:"2025-04-13T12:30:00.000Z",event_end:"2025-04-18T21:00:00.000Z",timezone:"GMT",times:"Starts 13 Apr 2025 at 12:30 PM GMT (6 days)",meetings:["13 Apr 2025: 12:30 PM to 9:00 PM GMT","14 Apr 2025: 1:00 PM to 9:00 PM GMT","15 Apr 2025: 1:00 PM to 9:00 PM GMT","16 Apr 2025: 1:00 PM to 9:00 PM GMT","17 Apr 2025: 1:00 PM to 9:00 PM GMT","18 Apr 2025: 1:00 PM to 9:00 PM GMT"]},{instructors:[{name:"Tarot Wake",url:"/profiles/tarot-wake"}],meetingTimes:[{date:"2025-04-13",end:"2025-04-13T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-13T12:30:00+00:00"},{date:"2025-04-14",end:"2025-04-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-14T13:00:00+00:00"},{date:"2025-04-15",end:"2025-04-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-15T13:00:00+00:00"},{date:"2025-04-16",end:"2025-04-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-16T13:00:00+00:00"},{date:"2025-04-17",end:"2025-04-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-17T13:00:00+00:00"},{date:"2025-04-18",end:"2025-04-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-04-18T13:00:00+00:00"}],confId:84015,eventProductId:265470,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002E9jRYAS",productId:"01tUI0000035W7nYAE",sansProductId:"265470",gated:a,productCode:"FOR577-LIVEONLINE-84015-E265470P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-04-05T02:03:45.000Z",updatedAt:"2024-10-21T17:03:48.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-04-13T21:00:00.000Z",start:"2025-04-13T12:30:00.000Z"},{end:"2025-04-14T21:00:00.000Z",start:"2025-04-14T13:00:00.000Z"},{end:"2025-04-15T21:00:00.000Z",start:"2025-04-15T13:00:00.000Z"},{end:"2025-04-16T21:00:00.000Z",start:"2025-04-16T13:00:00.000Z"},{end:"2025-04-17T21:00:00.000Z",start:"2025-04-17T13:00:00.000Z"},{end:"2025-04-18T21:00:00.000Z",start:"2025-04-18T13:00:00.000Z"}],earliest:"2025-04-13T12:30:00.000Z",latest:"2025-04-18T21:00:00.000Z"},event_start:"2025-04-13T12:30:00.000Z",event_end:"2025-04-18T21:00:00.000Z",timezone:"GMT",times:"Starts 13 Apr 2025 at 12:30 PM GMT (6 days)",meetings:["13 Apr 2025: 12:30 PM to 9:00 PM GMT","14 Apr 2025: 1:00 PM to 9:00 PM GMT","15 Apr 2025: 1:00 PM to 9:00 PM GMT","16 Apr 2025: 1:00 PM to 9:00 PM GMT","17 Apr 2025: 1:00 PM to 9:00 PM GMT","18 Apr 2025: 1:00 PM to 9:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"San Diego",conf_id:84390,continent:"NA",country:"US",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:267150,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:84395,override_event_product_id:267365,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-05-05",end:"2025-05-06T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-05T15:30:00+00:00"},{date:"2025-05-06",end:"2025-05-07T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-06T16:00:00+00:00"},{date:"2025-05-07",end:"2025-05-08T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-07T16:00:00+00:00"},{date:"2025-05-08",end:"2025-05-09T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-08T16:00:00+00:00"},{date:"2025-05-09",end:"2025-05-10T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-09T16:00:00+00:00"},{date:"2025-05-10",end:"2025-05-11T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-10T16:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002u399YAA",productId:"01tUI000003cZwCYAU",sansProductId:"267365",gated:a,productCode:"FOR577-LIVEONLINE-84395-E267365P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-05-13T15:33:49.000Z",updatedAt:"2024-08-17T14:53:59.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8780},meeting_times:[{date:"2025-05-05",end:"2025-05-06T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-05T15:30:00+00:00"},{date:"2025-05-06",end:"2025-05-07T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-06T16:00:00+00:00"},{date:"2025-05-07",end:"2025-05-08T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-07T16:00:00+00:00"},{date:"2025-05-08",end:"2025-05-09T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-08T16:00:00+00:00"},{date:"2025-05-09",end:"2025-05-10T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-09T16:00:00+00:00"},{date:"2025-05-10",end:"2025-05-11T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-10T16:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8125.00",pricing_early_bird_2:"8325.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"CA",summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"US Pacific",timezone_abbreviation:"PT",tz_name:"US/Pacific",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002trlzYAA",productId:"01tUI000003cTH8YAM",sansProductId:"267150",gated:a,productCode:"FOR577-SANS-SECURITY-WEST-2025-E267150P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-05-13T14:03:49.000Z",updatedAt:"2024-08-17T14:53:59.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"Cyber Security Training at SANS Security West 2025",event_url:"/sans-security-west-2025",event_start_date:"2025-05-05 00:00:00",removal_time_utc:"2025-05-11 07:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-05-05",end:"2025-05-06T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-05T15:30:00+00:00"},{date:"2025-05-06",end:"2025-05-07T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-06T16:00:00+00:00"},{date:"2025-05-07",end:"2025-05-08T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-07T16:00:00+00:00"},{date:"2025-05-08",end:"2025-05-09T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-08T16:00:00+00:00"},{date:"2025-05-09",end:"2025-05-10T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-09T16:00:00+00:00"},{date:"2025-05-10",end:"2025-05-11T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-10T16:00:00+00:00"}],confId:84390,eventProductId:267150,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002trlzYAA",productId:"01tUI000003cTH8YAM",sansProductId:"267150",gated:a,productCode:"FOR577-SANS-SECURITY-WEST-2025-E267150P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-05-13T14:03:49.000Z",updatedAt:"2024-08-17T14:53:59.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-05-06T00:00:00.000Z",start:"2025-05-05T15:30:00.000Z"},{end:"2025-05-07T00:00:00.000Z",start:"2025-05-06T16:00:00.000Z"},{end:"2025-05-08T00:00:00.000Z",start:"2025-05-07T16:00:00.000Z"},{end:"2025-05-09T00:00:00.000Z",start:"2025-05-08T16:00:00.000Z"},{end:"2025-05-10T00:00:00.000Z",start:"2025-05-09T16:00:00.000Z"},{end:"2025-05-11T00:00:00.000Z",start:"2025-05-10T16:00:00.000Z"}],earliest:"2025-05-05T15:30:00.000Z",latest:"2025-05-11T00:00:00.000Z"},event_start:"2025-05-05T15:30:00.000Z",event_end:"2025-05-11T00:00:00.000Z",timezone:"GMT",times:"Starts 5 May 2025 at 3:30 PM GMT (6 days)",meetings:["5 May 2025: 3:30 PM to 12:00 AM GMT","6 May 2025: 4:00 PM to 12:00 AM GMT","7 May 2025: 4:00 PM to 12:00 AM GMT","8 May 2025: 4:00 PM to 12:00 AM GMT","9 May 2025: 4:00 PM to 12:00 AM GMT","10 May 2025: 4:00 PM to 12:00 AM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-05-05",end:"2025-05-06T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-05T15:30:00+00:00"},{date:"2025-05-06",end:"2025-05-07T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-06T16:00:00+00:00"},{date:"2025-05-07",end:"2025-05-08T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-07T16:00:00+00:00"},{date:"2025-05-08",end:"2025-05-09T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-08T16:00:00+00:00"},{date:"2025-05-09",end:"2025-05-10T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-09T16:00:00+00:00"},{date:"2025-05-10",end:"2025-05-11T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-10T16:00:00+00:00"}],confId:84395,eventProductId:267365,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000002u399YAA",productId:"01tUI000003cZwCYAU",sansProductId:"267365",gated:a,productCode:"FOR577-LIVEONLINE-84395-E267365P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-05-13T15:33:49.000Z",updatedAt:"2024-08-17T14:53:59.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-05-06T00:00:00.000Z",start:"2025-05-05T15:30:00.000Z"},{end:"2025-05-07T00:00:00.000Z",start:"2025-05-06T16:00:00.000Z"},{end:"2025-05-08T00:00:00.000Z",start:"2025-05-07T16:00:00.000Z"},{end:"2025-05-09T00:00:00.000Z",start:"2025-05-08T16:00:00.000Z"},{end:"2025-05-10T00:00:00.000Z",start:"2025-05-09T16:00:00.000Z"},{end:"2025-05-11T00:00:00.000Z",start:"2025-05-10T16:00:00.000Z"}],earliest:"2025-05-05T15:30:00.000Z",latest:"2025-05-11T00:00:00.000Z"},event_start:"2025-05-05T15:30:00.000Z",event_end:"2025-05-11T00:00:00.000Z",timezone:"GMT",times:"Starts 5 May 2025 at 3:30 PM GMT (6 days)",meetings:["5 May 2025: 3:30 PM to 12:00 AM GMT","6 May 2025: 4:00 PM to 12:00 AM GMT","7 May 2025: 4:00 PM to 12:00 AM GMT","8 May 2025: 4:00 PM to 12:00 AM GMT","9 May 2025: 4:00 PM to 12:00 AM GMT","10 May 2025: 4:00 PM to 12:00 AM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Amsterdam",conf_id:85365,continent:"EU",country:"NL",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:271630,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:85425,override_event_product_id:271740,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-05-19",end:"2025-05-19T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-19T06:30:00+00:00"},{date:"2025-05-20",end:"2025-05-20T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-20T07:00:00+00:00"},{date:"2025-05-21",end:"2025-05-21T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-21T07:00:00+00:00"},{date:"2025-05-22",end:"2025-05-22T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-22T07:00:00+00:00"},{date:"2025-05-23",end:"2025-05-23T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-23T07:00:00+00:00"},{date:"2025-05-24",end:"2025-05-24T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-24T07:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000004AQgpYAG",productId:"01tUI000004jqBdYAI",sansProductId:"271740",gated:a,productCode:"FOR577-LIVEONLINE-85425-E271740P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-07-25T11:33:49.000Z",updatedAt:"2024-08-17T14:54:03.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},pricing:8230},meeting_times:[{date:"2025-05-19",end:"2025-05-19T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-19T06:30:00+00:00"},{date:"2025-05-20",end:"2025-05-20T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-20T07:00:00+00:00"},{date:"2025-05-21",end:"2025-05-21T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-21T07:00:00+00:00"},{date:"2025-05-22",end:"2025-05-22T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-22T07:00:00+00:00"},{date:"2025-05-23",end:"2025-05-23T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-23T07:00:00+00:00"},{date:"2025-05-24",end:"2025-05-24T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-24T07:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8230,pricing_early_bird:"7745.00",pricing_early_bird_2:"7745.00",public_giac_bundle:P,public_od_bundle:905,region:"EMEA",region_id:14,release_date:P,slug:"linux-threat-hunting-incident-response",state:e,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"Central European Summer Time",timezone_abbreviation:"CEST",tz_name:"Europe/Brussels",salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000004AQSVYA4",productId:"01tUI000004joWUYAY",sansProductId:"271630",gated:a,productCode:"FOR577-AMSTERDAM-MAY-2025-E271630P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-07-25T10:33:53.000Z",updatedAt:"2024-08-17T14:54:03.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},event_name:"SANS Amsterdam May 2025",event_url:"/amsterdam-may-2025",event_start_date:"2025-05-12 00:00:00",removal_time_utc:"2025-05-24 22:00:00",csRegion:{region:"emea",subRegion:"mainland-europe"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-05-19",end:"2025-05-19T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-19T06:30:00+00:00"},{date:"2025-05-20",end:"2025-05-20T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-20T07:00:00+00:00"},{date:"2025-05-21",end:"2025-05-21T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-21T07:00:00+00:00"},{date:"2025-05-22",end:"2025-05-22T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-22T07:00:00+00:00"},{date:"2025-05-23",end:"2025-05-23T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-23T07:00:00+00:00"},{date:"2025-05-24",end:"2025-05-24T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-24T07:00:00+00:00"}],confId:85365,eventProductId:271630,icon:e,in_language:e,salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000004AQSVYA4",productId:"01tUI000004joWUYAY",sansProductId:"271630",gated:a,productCode:"FOR577-AMSTERDAM-MAY-2025-E271630P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-07-25T10:33:53.000Z",updatedAt:"2024-08-17T14:54:03.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-05-19T15:00:00.000Z",start:"2025-05-19T06:30:00.000Z"},{end:"2025-05-20T15:00:00.000Z",start:"2025-05-20T07:00:00.000Z"},{end:"2025-05-21T15:00:00.000Z",start:"2025-05-21T07:00:00.000Z"},{end:"2025-05-22T15:00:00.000Z",start:"2025-05-22T07:00:00.000Z"},{end:"2025-05-23T15:00:00.000Z",start:"2025-05-23T07:00:00.000Z"},{end:"2025-05-24T15:00:00.000Z",start:"2025-05-24T07:00:00.000Z"}],earliest:"2025-05-19T06:30:00.000Z",latest:"2025-05-24T15:00:00.000Z"},event_start:"2025-05-19T06:30:00.000Z",event_end:"2025-05-24T15:00:00.000Z",timezone:"GMT",times:"Starts 19 May 2025 at 6:30 AM GMT (6 days)",meetings:["19 May 2025: 6:30 AM to 3:00 PM GMT","20 May 2025: 7:00 AM to 3:00 PM GMT","21 May 2025: 7:00 AM to 3:00 PM GMT","22 May 2025: 7:00 AM to 3:00 PM GMT","23 May 2025: 7:00 AM to 3:00 PM GMT","24 May 2025: 7:00 AM to 3:00 PM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-05-19",end:"2025-05-19T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-19T06:30:00+00:00"},{date:"2025-05-20",end:"2025-05-20T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-20T07:00:00+00:00"},{date:"2025-05-21",end:"2025-05-21T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-21T07:00:00+00:00"},{date:"2025-05-22",end:"2025-05-22T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-22T07:00:00+00:00"},{date:"2025-05-23",end:"2025-05-23T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-23T07:00:00+00:00"},{date:"2025-05-24",end:"2025-05-24T15:00:00+00:00",pm_end:e,pm_start:e,start:"2025-05-24T07:00:00+00:00"}],confId:85425,eventProductId:271740,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"EUR",listPrice:8230,unitPrice:8230,pricebookEntryId:"01uUI000004AQgpYAG",productId:"01tUI000004jqBdYAI",sansProductId:"271740",gated:a,productCode:"FOR577-LIVEONLINE-85425-E271740P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-07-25T11:33:49.000Z",updatedAt:"2024-08-17T14:54:03.000Z",addons:{onDemandPrice:905,netWarsPrice:1375}},meetingInfo:{times:[{end:"2025-05-19T15:00:00.000Z",start:"2025-05-19T06:30:00.000Z"},{end:"2025-05-20T15:00:00.000Z",start:"2025-05-20T07:00:00.000Z"},{end:"2025-05-21T15:00:00.000Z",start:"2025-05-21T07:00:00.000Z"},{end:"2025-05-22T15:00:00.000Z",start:"2025-05-22T07:00:00.000Z"},{end:"2025-05-23T15:00:00.000Z",start:"2025-05-23T07:00:00.000Z"},{end:"2025-05-24T15:00:00.000Z",start:"2025-05-24T07:00:00.000Z"}],earliest:"2025-05-19T06:30:00.000Z",latest:"2025-05-24T15:00:00.000Z"},event_start:"2025-05-19T06:30:00.000Z",event_end:"2025-05-24T15:00:00.000Z",timezone:"GMT",times:"Starts 19 May 2025 at 6:30 AM GMT (6 days)",meetings:["19 May 2025: 6:30 AM to 3:00 PM GMT","20 May 2025: 7:00 AM to 3:00 PM GMT","21 May 2025: 7:00 AM to 3:00 PM GMT","22 May 2025: 7:00 AM to 3:00 PM GMT","23 May 2025: 7:00 AM to 3:00 PM GMT","24 May 2025: 7:00 AM to 3:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"London",conf_id:84740,continent:"EU",country:"GB",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:274195,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:86035,override_event_product_id:274285,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-07-07",end:"2025-07-07T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-07T07:30:00+00:00"},{date:"2025-07-08",end:"2025-07-08T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-08T08:00:00+00:00"},{date:"2025-07-09",end:"2025-07-09T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-09T08:00:00+00:00"},{date:"2025-07-10",end:"2025-07-10T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-10T08:00:00+00:00"},{date:"2025-07-11",end:"2025-07-11T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-11T08:00:00+00:00"},{date:"2025-07-12",end:"2025-07-12T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-12T08:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000005CcUhYAK",productId:"01tUI000005XMaKYAW",sansProductId:"274285",gated:a,productCode:"FOR577-LIVEONLINE-86035-E274285P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-09-23T11:03:55.000Z",updatedAt:"2024-09-23T11:04:05.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},pricing:7160},meeting_times:[{date:"2025-07-07",end:"2025-07-07T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-07T07:30:00+00:00"},{date:"2025-07-08",end:"2025-07-08T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-08T08:00:00+00:00"},{date:"2025-07-09",end:"2025-07-09T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-09T08:00:00+00:00"},{date:"2025-07-10",end:"2025-07-10T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-10T08:00:00+00:00"},{date:"2025-07-11",end:"2025-07-11T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-11T08:00:00+00:00"},{date:"2025-07-12",end:"2025-07-12T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-12T08:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:7160,pricing_early_bird:"6910.00",pricing_early_bird_2:"6910.00",public_giac_bundle:P,public_od_bundle:775,region:"EMEA",region_id:14,release_date:P,slug:"linux-threat-hunting-incident-response",state:e,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"British Summer Time",timezone_abbreviation:"BST",tz_name:"Europe/London",salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000005CcTnYAK",productId:"01tUI000005XMa6YAG",sansProductId:"274195",gated:a,productCode:"FOR577-LONDON-JULY-2025-E274195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-09-23T11:03:55.000Z",updatedAt:"2024-09-23T11:04:05.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},event_name:"SANS London July 2025",event_url:"/london-july-2025",event_start_date:"2025-07-07 00:00:00",removal_time_utc:"2025-07-12 23:00:00",csRegion:{region:"emea",subRegion:"united-kingdom-and-ireland"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-07",end:"2025-07-07T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-07T07:30:00+00:00"},{date:"2025-07-08",end:"2025-07-08T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-08T08:00:00+00:00"},{date:"2025-07-09",end:"2025-07-09T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-09T08:00:00+00:00"},{date:"2025-07-10",end:"2025-07-10T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-10T08:00:00+00:00"},{date:"2025-07-11",end:"2025-07-11T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-11T08:00:00+00:00"},{date:"2025-07-12",end:"2025-07-12T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-12T08:00:00+00:00"}],confId:84740,eventProductId:274195,icon:e,in_language:e,salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000005CcTnYAK",productId:"01tUI000005XMa6YAG",sansProductId:"274195",gated:a,productCode:"FOR577-LONDON-JULY-2025-E274195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-09-23T11:03:55.000Z",updatedAt:"2024-09-23T11:04:05.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-07-07T16:00:00.000Z",start:"2025-07-07T07:30:00.000Z"},{end:"2025-07-08T16:00:00.000Z",start:"2025-07-08T08:00:00.000Z"},{end:"2025-07-09T16:00:00.000Z",start:"2025-07-09T08:00:00.000Z"},{end:"2025-07-10T16:00:00.000Z",start:"2025-07-10T08:00:00.000Z"},{end:"2025-07-11T16:00:00.000Z",start:"2025-07-11T08:00:00.000Z"},{end:"2025-07-12T16:00:00.000Z",start:"2025-07-12T08:00:00.000Z"}],earliest:"2025-07-07T07:30:00.000Z",latest:"2025-07-12T16:00:00.000Z"},event_start:"2025-07-07T07:30:00.000Z",event_end:"2025-07-12T16:00:00.000Z",timezone:"GMT",times:"Starts 7 Jul 2025 at 7:30 AM GMT (6 days)",meetings:["7 Jul 2025: 7:30 AM to 4:00 PM GMT","8 Jul 2025: 8:00 AM to 4:00 PM GMT","9 Jul 2025: 8:00 AM to 4:00 PM GMT","10 Jul 2025: 8:00 AM to 4:00 PM GMT","11 Jul 2025: 8:00 AM to 4:00 PM GMT","12 Jul 2025: 8:00 AM to 4:00 PM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-07",end:"2025-07-07T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-07T07:30:00+00:00"},{date:"2025-07-08",end:"2025-07-08T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-08T08:00:00+00:00"},{date:"2025-07-09",end:"2025-07-09T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-09T08:00:00+00:00"},{date:"2025-07-10",end:"2025-07-10T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-10T08:00:00+00:00"},{date:"2025-07-11",end:"2025-07-11T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-11T08:00:00+00:00"},{date:"2025-07-12",end:"2025-07-12T16:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-12T08:00:00+00:00"}],confId:86035,eventProductId:274285,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"GBP",listPrice:7160,unitPrice:7160,pricebookEntryId:"01uUI000005CcUhYAK",productId:"01tUI000005XMaKYAW",sansProductId:"274285",gated:a,productCode:"FOR577-LIVEONLINE-86035-E274285P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-09-23T11:03:55.000Z",updatedAt:"2024-09-23T11:04:05.000Z",addons:{onDemandPrice:775,netWarsPrice:1190}},meetingInfo:{times:[{end:"2025-07-07T16:00:00.000Z",start:"2025-07-07T07:30:00.000Z"},{end:"2025-07-08T16:00:00.000Z",start:"2025-07-08T08:00:00.000Z"},{end:"2025-07-09T16:00:00.000Z",start:"2025-07-09T08:00:00.000Z"},{end:"2025-07-10T16:00:00.000Z",start:"2025-07-10T08:00:00.000Z"},{end:"2025-07-11T16:00:00.000Z",start:"2025-07-11T08:00:00.000Z"},{end:"2025-07-12T16:00:00.000Z",start:"2025-07-12T08:00:00.000Z"}],earliest:"2025-07-07T07:30:00.000Z",latest:"2025-07-12T16:00:00.000Z"},event_start:"2025-07-07T07:30:00.000Z",event_end:"2025-07-12T16:00:00.000Z",timezone:"GMT",times:"Starts 7 Jul 2025 at 7:30 AM GMT (6 days)",meetings:["7 Jul 2025: 7:30 AM to 4:00 PM GMT","8 Jul 2025: 8:00 AM to 4:00 PM GMT","9 Jul 2025: 8:00 AM to 4:00 PM GMT","10 Jul 2025: 8:00 AM to 4:00 PM GMT","11 Jul 2025: 8:00 AM to 4:00 PM GMT","12 Jul 2025: 8:00 AM to 4:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Washington",conf_id:85080,continent:"NA",country:"US",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:269575,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:85085,override_event_product_id:270005,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-07-14",end:"2025-07-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-14T12:30:00+00:00"},{date:"2025-07-15",end:"2025-07-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-15T13:00:00+00:00"},{date:"2025-07-16",end:"2025-07-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-16T13:00:00+00:00"},{date:"2025-07-17",end:"2025-07-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-17T13:00:00+00:00"},{date:"2025-07-18",end:"2025-07-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-18T13:00:00+00:00"},{date:"2025-07-19",end:"2025-07-19T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-19T13:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000003fmGBYAY",productId:"01tUI000004KUoCYAW",sansProductId:"270005",gated:a,productCode:"FOR577-LIVEONLINE-85085-E270005P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-25T16:03:54.000Z",updatedAt:"2024-08-17T14:54:01.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8780},meeting_times:[{date:"2025-07-14",end:"2025-07-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-14T12:30:00+00:00"},{date:"2025-07-15",end:"2025-07-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-15T13:00:00+00:00"},{date:"2025-07-16",end:"2025-07-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-16T13:00:00+00:00"},{date:"2025-07-17",end:"2025-07-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-17T13:00:00+00:00"},{date:"2025-07-18",end:"2025-07-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-18T13:00:00+00:00"},{date:"2025-07-19",end:"2025-07-19T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-19T13:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8380.00",pricing_early_bird_2:"8580.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"DC",summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"US Eastern",timezone_abbreviation:"ET",tz_name:"US/Eastern",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000003fhoNYAQ",productId:"01tUI000004KSsqYAG",sansProductId:"269575",gated:a,productCode:"FOR577-SANSFIRE-2025-E269575P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-25T15:33:45.000Z",updatedAt:"2024-08-17T14:54:01.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"Cyber Security Training at SANSFIRE Washington, DC 2025",event_url:"/sansfire-2025",event_start_date:"2025-07-14 00:00:00",removal_time_utc:"2025-07-20 04:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-14",end:"2025-07-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-14T12:30:00+00:00"},{date:"2025-07-15",end:"2025-07-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-15T13:00:00+00:00"},{date:"2025-07-16",end:"2025-07-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-16T13:00:00+00:00"},{date:"2025-07-17",end:"2025-07-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-17T13:00:00+00:00"},{date:"2025-07-18",end:"2025-07-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-18T13:00:00+00:00"},{date:"2025-07-19",end:"2025-07-19T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-19T13:00:00+00:00"}],confId:85080,eventProductId:269575,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000003fhoNYAQ",productId:"01tUI000004KSsqYAG",sansProductId:"269575",gated:a,productCode:"FOR577-SANSFIRE-2025-E269575P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-25T15:33:45.000Z",updatedAt:"2024-08-17T14:54:01.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-07-14T21:00:00.000Z",start:"2025-07-14T12:30:00.000Z"},{end:"2025-07-15T21:00:00.000Z",start:"2025-07-15T13:00:00.000Z"},{end:"2025-07-16T21:00:00.000Z",start:"2025-07-16T13:00:00.000Z"},{end:"2025-07-17T21:00:00.000Z",start:"2025-07-17T13:00:00.000Z"},{end:"2025-07-18T21:00:00.000Z",start:"2025-07-18T13:00:00.000Z"},{end:"2025-07-19T21:00:00.000Z",start:"2025-07-19T13:00:00.000Z"}],earliest:"2025-07-14T12:30:00.000Z",latest:"2025-07-19T21:00:00.000Z"},event_start:"2025-07-14T12:30:00.000Z",event_end:"2025-07-19T21:00:00.000Z",timezone:"GMT",times:"Starts 14 Jul 2025 at 12:30 PM GMT (6 days)",meetings:["14 Jul 2025: 12:30 PM to 9:00 PM GMT","15 Jul 2025: 1:00 PM to 9:00 PM GMT","16 Jul 2025: 1:00 PM to 9:00 PM GMT","17 Jul 2025: 1:00 PM to 9:00 PM GMT","18 Jul 2025: 1:00 PM to 9:00 PM GMT","19 Jul 2025: 1:00 PM to 9:00 PM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-14",end:"2025-07-14T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-14T12:30:00+00:00"},{date:"2025-07-15",end:"2025-07-15T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-15T13:00:00+00:00"},{date:"2025-07-16",end:"2025-07-16T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-16T13:00:00+00:00"},{date:"2025-07-17",end:"2025-07-17T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-17T13:00:00+00:00"},{date:"2025-07-18",end:"2025-07-18T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-18T13:00:00+00:00"},{date:"2025-07-19",end:"2025-07-19T21:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-19T13:00:00+00:00"}],confId:85085,eventProductId:270005,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000003fmGBYAY",productId:"01tUI000004KUoCYAW",sansProductId:"270005",gated:a,productCode:"FOR577-LIVEONLINE-85085-E270005P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-06-25T16:03:54.000Z",updatedAt:"2024-08-17T14:54:01.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-07-14T21:00:00.000Z",start:"2025-07-14T12:30:00.000Z"},{end:"2025-07-15T21:00:00.000Z",start:"2025-07-15T13:00:00.000Z"},{end:"2025-07-16T21:00:00.000Z",start:"2025-07-16T13:00:00.000Z"},{end:"2025-07-17T21:00:00.000Z",start:"2025-07-17T13:00:00.000Z"},{end:"2025-07-18T21:00:00.000Z",start:"2025-07-18T13:00:00.000Z"},{end:"2025-07-19T21:00:00.000Z",start:"2025-07-19T13:00:00.000Z"}],earliest:"2025-07-14T12:30:00.000Z",latest:"2025-07-19T21:00:00.000Z"},event_start:"2025-07-14T12:30:00.000Z",event_end:"2025-07-19T21:00:00.000Z",timezone:"GMT",times:"Starts 14 Jul 2025 at 12:30 PM GMT (6 days)",meetings:["14 Jul 2025: 12:30 PM to 9:00 PM GMT","15 Jul 2025: 1:00 PM to 9:00 PM GMT","16 Jul 2025: 1:00 PM to 9:00 PM GMT","17 Jul 2025: 1:00 PM to 9:00 PM GMT","18 Jul 2025: 1:00 PM to 9:00 PM GMT","19 Jul 2025: 1:00 PM to 9:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Salt Lake City",conf_id:86715,continent:"NA",country:"US",course_id:1450,delivery_method:"Summit",delivery_method_group:"Live Training",event_product_id:278080,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:"Summit",linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:86725,override_event_product_id:278190,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-07-26",end:"2025-07-26T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-26T14:30:00+00:00"},{date:"2025-07-27",end:"2025-07-27T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-27T15:00:00+00:00"},{date:"2025-07-28",end:"2025-07-28T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-28T15:00:00+00:00"},{date:"2025-07-29",end:"2025-07-29T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-29T15:00:00+00:00"},{date:"2025-07-30",end:"2025-07-30T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-30T15:00:00+00:00"},{date:"2025-07-31",end:"2025-07-31T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-31T15:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:0,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000005ksMAYAY",productId:"01tUI000005wWMYYA2",sansProductId:"278190",gated:a,productCode:"FOR577-LIVEONLINE-86725-E278190P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-24T21:04:15.000Z",updatedAt:"2024-11-18T06:03:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8780},meeting_times:[{date:"2025-07-26",end:"2025-07-26T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-26T14:30:00+00:00"},{date:"2025-07-27",end:"2025-07-27T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-27T15:00:00+00:00"},{date:"2025-07-28",end:"2025-07-28T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-28T15:00:00+00:00"},{date:"2025-07-29",end:"2025-07-29T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-29T15:00:00+00:00"},{date:"2025-07-30",end:"2025-07-30T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-30T15:00:00+00:00"},{date:"2025-07-31",end:"2025-07-31T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-31T15:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8380.00",pricing_early_bird_2:"8580.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"UT",summit_discounted_fee:"0.00",summit_early_bird:"525.00",summit_early_bird_2:"525.00",summit_pricing:"525.00",teaser:e,timezone:"US Mountain",timezone_abbreviation:"MT",tz_name:"US/Mountain",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000005kq4FYAQ",productId:"01tUI000005wUpOYAU",sansProductId:"278080",gated:a,productCode:"FOR577-DIGITAL-FORENSICS-2025-SUMMIT-E278080P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-24T20:33:55.000Z",updatedAt:"2024-11-18T06:03:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"DFIR Summit & Training 2025",event_url:"/digital-forensics-summit-2025",event_start_date:"2025-07-24 00:00:00",removal_time_utc:"2025-08-01 06:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-26",end:"2025-07-26T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-26T14:30:00+00:00"},{date:"2025-07-27",end:"2025-07-27T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-27T15:00:00+00:00"},{date:"2025-07-28",end:"2025-07-28T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-28T15:00:00+00:00"},{date:"2025-07-29",end:"2025-07-29T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-29T15:00:00+00:00"},{date:"2025-07-30",end:"2025-07-30T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-30T15:00:00+00:00"},{date:"2025-07-31",end:"2025-07-31T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-31T15:00:00+00:00"}],confId:86715,eventProductId:278080,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000005kq4FYAQ",productId:"01tUI000005wUpOYAU",sansProductId:"278080",gated:a,productCode:"FOR577-DIGITAL-FORENSICS-2025-SUMMIT-E278080P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-24T20:33:55.000Z",updatedAt:"2024-11-18T06:03:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-07-26T23:00:00.000Z",start:"2025-07-26T14:30:00.000Z"},{end:"2025-07-27T23:00:00.000Z",start:"2025-07-27T15:00:00.000Z"},{end:"2025-07-28T23:00:00.000Z",start:"2025-07-28T15:00:00.000Z"},{end:"2025-07-29T23:00:00.000Z",start:"2025-07-29T15:00:00.000Z"},{end:"2025-07-30T23:00:00.000Z",start:"2025-07-30T15:00:00.000Z"},{end:"2025-07-31T23:00:00.000Z",start:"2025-07-31T15:00:00.000Z"}],earliest:"2025-07-26T14:30:00.000Z",latest:"2025-07-31T23:00:00.000Z"},event_start:"2025-07-26T14:30:00.000Z",event_end:"2025-07-31T23:00:00.000Z",timezone:"GMT",times:"Starts 26 Jul 2025 at 2:30 PM GMT (6 days)",meetings:["26 Jul 2025: 2:30 PM to 11:00 PM GMT","27 Jul 2025: 3:00 PM to 11:00 PM GMT","28 Jul 2025: 3:00 PM to 11:00 PM GMT","29 Jul 2025: 3:00 PM to 11:00 PM GMT","30 Jul 2025: 3:00 PM to 11:00 PM GMT","31 Jul 2025: 3:00 PM to 11:00 PM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-07-26",end:"2025-07-26T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-26T14:30:00+00:00"},{date:"2025-07-27",end:"2025-07-27T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-27T15:00:00+00:00"},{date:"2025-07-28",end:"2025-07-28T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-28T15:00:00+00:00"},{date:"2025-07-29",end:"2025-07-29T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-29T15:00:00+00:00"},{date:"2025-07-30",end:"2025-07-30T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-30T15:00:00+00:00"},{date:"2025-07-31",end:"2025-07-31T23:00:00+00:00",pm_end:e,pm_start:e,start:"2025-07-31T15:00:00+00:00"}],confId:86725,eventProductId:278190,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000005ksMAYAY",productId:"01tUI000005wWMYYA2",sansProductId:"278190",gated:a,productCode:"FOR577-LIVEONLINE-86725-E278190P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-24T21:04:15.000Z",updatedAt:"2024-11-18T06:03:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-07-26T23:00:00.000Z",start:"2025-07-26T14:30:00.000Z"},{end:"2025-07-27T23:00:00.000Z",start:"2025-07-27T15:00:00.000Z"},{end:"2025-07-28T23:00:00.000Z",start:"2025-07-28T15:00:00.000Z"},{end:"2025-07-29T23:00:00.000Z",start:"2025-07-29T15:00:00.000Z"},{end:"2025-07-30T23:00:00.000Z",start:"2025-07-30T15:00:00.000Z"},{end:"2025-07-31T23:00:00.000Z",start:"2025-07-31T15:00:00.000Z"}],earliest:"2025-07-26T14:30:00.000Z",latest:"2025-07-31T23:00:00.000Z"},event_start:"2025-07-26T14:30:00.000Z",event_end:"2025-07-31T23:00:00.000Z",timezone:"GMT",times:"Starts 26 Jul 2025 at 2:30 PM GMT (6 days)",meetings:["26 Jul 2025: 2:30 PM to 11:00 PM GMT","27 Jul 2025: 3:00 PM to 11:00 PM GMT","28 Jul 2025: 3:00 PM to 11:00 PM GMT","29 Jul 2025: 3:00 PM to 11:00 PM GMT","30 Jul 2025: 3:00 PM to 11:00 PM GMT","31 Jul 2025: 3:00 PM to 11:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Manama",conf_id:83780,continent:"AS",country:"BH",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:277725,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:86415,override_event_product_id:277740,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-09-13",end:"2025-09-13T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-13T05:30:00+00:00"},{date:"2025-09-14",end:"2025-09-14T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-14T06:00:00+00:00"},{date:"2025-09-15",end:"2025-09-15T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-15T06:00:00+00:00"},{date:"2025-09-16",end:"2025-09-16T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-16T06:00:00+00:00"},{date:"2025-09-17",end:"2025-09-17T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-17T06:00:00+00:00"},{date:"2025-09-18",end:"2025-09-18T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-18T06:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8900,unitPrice:8900,pricebookEntryId:"01uUI000005gXRlYAM",productId:"01tUI000005tfsaYAA",sansProductId:"277740",gated:a,productCode:"FOR577-LIVEONLINE-86415-E277740P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-21T15:33:54.000Z",updatedAt:"2024-10-21T15:34:04.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},pricing:8900},meeting_times:[{date:"2025-09-13",end:"2025-09-13T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-13T05:30:00+00:00"},{date:"2025-09-14",end:"2025-09-14T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-14T06:00:00+00:00"},{date:"2025-09-15",end:"2025-09-15T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-15T06:00:00+00:00"},{date:"2025-09-16",end:"2025-09-16T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-16T06:00:00+00:00"},{date:"2025-09-17",end:"2025-09-17T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-17T06:00:00+00:00"},{date:"2025-09-18",end:"2025-09-18T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-18T06:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8900,pricing_early_bird:"8400.00",pricing_early_bird_2:"8650.00",public_giac_bundle:P,public_od_bundle:999,region:"EMEA",region_id:14,release_date:P,slug:"linux-threat-hunting-incident-response",state:e,summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"Arabian Standard Time",timezone_abbreviation:"AST",tz_name:"Asia/Bahrain",salesforce:{currencyIsoCode:"USD",listPrice:8900,unitPrice:8900,pricebookEntryId:"01uUI000005gXRNYA2",productId:"01tUI000005tfsUYAQ",sansProductId:"277725",gated:a,productCode:"FOR577-MANAMA-SEPTEMBER-2025-E277725P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-21T15:33:54.000Z",updatedAt:"2024-11-06T14:33:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},event_name:"SANS Manama September 2025",event_url:"/manama-september-2025",event_start_date:"2025-09-13 00:00:00",removal_time_utc:"2025-09-25 21:00:00",csRegion:{region:"emea",subRegion:"middle-east-turkey-and-africa"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-09-13",end:"2025-09-13T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-13T05:30:00+00:00"},{date:"2025-09-14",end:"2025-09-14T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-14T06:00:00+00:00"},{date:"2025-09-15",end:"2025-09-15T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-15T06:00:00+00:00"},{date:"2025-09-16",end:"2025-09-16T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-16T06:00:00+00:00"},{date:"2025-09-17",end:"2025-09-17T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-17T06:00:00+00:00"},{date:"2025-09-18",end:"2025-09-18T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-18T06:00:00+00:00"}],confId:83780,eventProductId:277725,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8900,unitPrice:8900,pricebookEntryId:"01uUI000005gXRNYA2",productId:"01tUI000005tfsUYAQ",sansProductId:"277725",gated:a,productCode:"FOR577-MANAMA-SEPTEMBER-2025-E277725P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-21T15:33:54.000Z",updatedAt:"2024-11-06T14:33:46.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-09-13T14:00:00.000Z",start:"2025-09-13T05:30:00.000Z"},{end:"2025-09-14T14:00:00.000Z",start:"2025-09-14T06:00:00.000Z"},{end:"2025-09-15T14:00:00.000Z",start:"2025-09-15T06:00:00.000Z"},{end:"2025-09-16T14:00:00.000Z",start:"2025-09-16T06:00:00.000Z"},{end:"2025-09-17T14:00:00.000Z",start:"2025-09-17T06:00:00.000Z"},{end:"2025-09-18T14:00:00.000Z",start:"2025-09-18T06:00:00.000Z"}],earliest:"2025-09-13T05:30:00.000Z",latest:"2025-09-18T14:00:00.000Z"},event_start:"2025-09-13T05:30:00.000Z",event_end:"2025-09-18T14:00:00.000Z",timezone:"GMT",times:"Starts 13 Sep 2025 at 5:30 AM GMT (6 days)",meetings:["13 Sep 2025: 5:30 AM to 2:00 PM GMT","14 Sep 2025: 6:00 AM to 2:00 PM GMT","15 Sep 2025: 6:00 AM to 2:00 PM GMT","16 Sep 2025: 6:00 AM to 2:00 PM GMT","17 Sep 2025: 6:00 AM to 2:00 PM GMT","18 Sep 2025: 6:00 AM to 2:00 PM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-09-13",end:"2025-09-13T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-13T05:30:00+00:00"},{date:"2025-09-14",end:"2025-09-14T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-14T06:00:00+00:00"},{date:"2025-09-15",end:"2025-09-15T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-15T06:00:00+00:00"},{date:"2025-09-16",end:"2025-09-16T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-16T06:00:00+00:00"},{date:"2025-09-17",end:"2025-09-17T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-17T06:00:00+00:00"},{date:"2025-09-18",end:"2025-09-18T14:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-18T06:00:00+00:00"}],confId:86415,eventProductId:277740,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8900,unitPrice:8900,pricebookEntryId:"01uUI000005gXRlYAM",productId:"01tUI000005tfsaYAA",sansProductId:"277740",gated:a,productCode:"FOR577-LIVEONLINE-86415-E277740P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-10-21T15:33:54.000Z",updatedAt:"2024-10-21T15:34:04.000Z",addons:{onDemandPrice:999,netWarsPrice:1775}},meetingInfo:{times:[{end:"2025-09-13T14:00:00.000Z",start:"2025-09-13T05:30:00.000Z"},{end:"2025-09-14T14:00:00.000Z",start:"2025-09-14T06:00:00.000Z"},{end:"2025-09-15T14:00:00.000Z",start:"2025-09-15T06:00:00.000Z"},{end:"2025-09-16T14:00:00.000Z",start:"2025-09-16T06:00:00.000Z"},{end:"2025-09-17T14:00:00.000Z",start:"2025-09-17T06:00:00.000Z"},{end:"2025-09-18T14:00:00.000Z",start:"2025-09-18T06:00:00.000Z"}],earliest:"2025-09-13T05:30:00.000Z",latest:"2025-09-18T14:00:00.000Z"},event_start:"2025-09-13T05:30:00.000Z",event_end:"2025-09-18T14:00:00.000Z",timezone:"GMT",times:"Starts 13 Sep 2025 at 5:30 AM GMT (6 days)",meetings:["13 Sep 2025: 5:30 AM to 2:00 PM GMT","14 Sep 2025: 6:00 AM to 2:00 PM GMT","15 Sep 2025: 6:00 AM to 2:00 PM GMT","16 Sep 2025: 6:00 AM to 2:00 PM GMT","17 Sep 2025: 6:00 AM to 2:00 PM GMT","18 Sep 2025: 6:00 AM to 2:00 PM GMT"]}],userTimezone:"Africa/Abidjan"},{catalog_image:R,cert_initials:P,cert_name:P,city:"Las Vegas",conf_id:85755,continent:"NA",country:"US",course_id:1450,delivery_method:"Training Event",delivery_method_group:"Live Training",event_product_id:273195,focus_area:[{display_title:"Digital Forensics, Incident Response & Threat Hunting",parent:[],slug:"digital-forensics",title:"Digital Forensics and Incident Response (DFIR) (Top Level)",uid:"blt64479f3f6bea90c6"}],hidden:0,icon:e,in_language:e,instructors:[],is_long_course:1,linked_run:{linked_conf_id:P,linked_delivery_method:P,linked_delivery_method_group:P,linked_event_product_id:P,linked_icon:e,override_conf_id:85760,override_event_product_id:273540,override_icon:e,override_in_language:e,override_instructors:[],override_linked_modality_code:"IP_LO_SI",override_meeting_times:[{date:"2025-09-22",end:"2025-09-23T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-22T15:30:00+00:00"},{date:"2025-09-23",end:"2025-09-24T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-23T16:00:00+00:00"},{date:"2025-09-24",end:"2025-09-25T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-24T16:00:00+00:00"},{date:"2025-09-25",end:"2025-09-26T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-25T16:00:00+00:00"},{date:"2025-09-26",end:"2025-09-27T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-26T16:00:00+00:00"},{date:"2025-09-27",end:"2025-09-28T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-27T16:00:00+00:00"}],override_summit_discounted_price:P,override_summit_price:P,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000004ozdPYAQ",productId:"01tUI000005EmbwYAC",sansProductId:"273540",gated:a,productCode:"FOR577-LIVEONLINE-85760-E273540P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-08-30T17:03:52.000Z",updatedAt:"2024-08-30T17:33:45.000Z",addons:{onDemandPrice:999}},pricing:8780},meeting_times:[{date:"2025-09-22",end:"2025-09-23T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-22T15:30:00+00:00"},{date:"2025-09-23",end:"2025-09-24T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-23T16:00:00+00:00"},{date:"2025-09-24",end:"2025-09-25T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-24T16:00:00+00:00"},{date:"2025-09-25",end:"2025-09-26T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-25T16:00:00+00:00"},{date:"2025-09-26",end:"2025-09-27T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-26T16:00:00+00:00"},{date:"2025-09-27",end:"2025-09-28T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-27T16:00:00+00:00"}],modality_if_linked:P,name:"LINUX Incident Response and Threat Hunting",presale:0,pricing:8780,pricing_early_bird:"8380.00",pricing_early_bird_2:"8580.00",public_giac_bundle:P,public_od_bundle:999,region:"North America",region_id:12,release_date:P,slug:"linux-threat-hunting-incident-response",state:"NV",summit_discounted_fee:P,summit_early_bird:P,summit_early_bird_2:P,summit_pricing:P,teaser:e,timezone:"US Pacific",timezone_abbreviation:"PT",tz_name:"US/Pacific",salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000004owlzYAA",productId:"01tUI000005ElXoYAK",sansProductId:"273195",gated:a,productCode:"FOR577-/NETWORK-SECURITY-2025-E273195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-08-30T16:33:55.000Z",updatedAt:"2024-08-30T17:03:45.000Z",addons:{onDemandPrice:999}},event_name:"Cyber Security Training at SANS Network Security 2025",event_url:"/network-security-2025",event_start_date:"2025-09-22 00:00:00",removal_time_utc:"2025-09-28 07:00:00",csRegion:{region:"americas",subRegion:"usa-and-canada"},childRuns:[{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-09-22",end:"2025-09-23T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-22T15:30:00+00:00"},{date:"2025-09-23",end:"2025-09-24T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-23T16:00:00+00:00"},{date:"2025-09-24",end:"2025-09-25T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-24T16:00:00+00:00"},{date:"2025-09-25",end:"2025-09-26T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-25T16:00:00+00:00"},{date:"2025-09-26",end:"2025-09-27T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-26T16:00:00+00:00"},{date:"2025-09-27",end:"2025-09-28T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-27T16:00:00+00:00"}],confId:85755,eventProductId:273195,icon:e,in_language:e,salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000004owlzYAA",productId:"01tUI000005ElXoYAK",sansProductId:"273195",gated:a,productCode:"FOR577-/NETWORK-SECURITY-2025-E273195P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-08-30T16:33:55.000Z",updatedAt:"2024-08-30T17:03:45.000Z",addons:{onDemandPrice:999}},trainingFormats:["in_person"],meetingInfo:{times:[{end:"2025-09-23T00:00:00.000Z",start:"2025-09-22T15:30:00.000Z"},{end:"2025-09-24T00:00:00.000Z",start:"2025-09-23T16:00:00.000Z"},{end:"2025-09-25T00:00:00.000Z",start:"2025-09-24T16:00:00.000Z"},{end:"2025-09-26T00:00:00.000Z",start:"2025-09-25T16:00:00.000Z"},{end:"2025-09-27T00:00:00.000Z",start:"2025-09-26T16:00:00.000Z"},{end:"2025-09-28T00:00:00.000Z",start:"2025-09-27T16:00:00.000Z"}],earliest:"2025-09-22T15:30:00.000Z",latest:"2025-09-28T00:00:00.000Z"},event_start:"2025-09-22T15:30:00.000Z",event_end:"2025-09-28T00:00:00.000Z",timezone:"GMT",times:"Starts 22 Sep 2025 at 3:30 PM GMT (6 days)",meetings:["22 Sep 2025: 3:30 PM to 12:00 AM GMT","23 Sep 2025: 4:00 PM to 12:00 AM GMT","24 Sep 2025: 4:00 PM to 12:00 AM GMT","25 Sep 2025: 4:00 PM to 12:00 AM GMT","26 Sep 2025: 4:00 PM to 12:00 AM GMT","27 Sep 2025: 4:00 PM to 12:00 AM GMT"]},{instructors:[{name:"Staff",url:M}],meetingTimes:[{date:"2025-09-22",end:"2025-09-23T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-22T15:30:00+00:00"},{date:"2025-09-23",end:"2025-09-24T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-23T16:00:00+00:00"},{date:"2025-09-24",end:"2025-09-25T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-24T16:00:00+00:00"},{date:"2025-09-25",end:"2025-09-26T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-25T16:00:00+00:00"},{date:"2025-09-26",end:"2025-09-27T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-26T16:00:00+00:00"},{date:"2025-09-27",end:"2025-09-28T00:00:00+00:00",pm_end:e,pm_start:e,start:"2025-09-27T16:00:00+00:00"}],confId:85760,eventProductId:273540,icon:e,in_language:e,trainingFormats:["live_online"],salesforce:{currencyIsoCode:"USD",listPrice:8780,unitPrice:8780,pricebookEntryId:"01uUI000004ozdPYAQ",productId:"01tUI000005EmbwYAC",sansProductId:"273540",gated:a,productCode:"FOR577-LIVEONLINE-85760-E273540P",name:"FOR577: LINUX Incident Response and Threat Hunting",maxQuantity:1,type:Z,createdAt:"2024-08-30T17:03:52.000Z",updatedAt:"2024-08-30T17:33:45.000Z",addons:{onDemandPrice:999}},meetingInfo:{times:[{end:"2025-09-23T00:00:00.000Z",start:"2025-09-22T15:30:00.000Z"},{end:"2025-09-24T00:00:00.000Z",start:"2025-09-23T16:00:00.000Z"},{end:"2025-09-25T00:00:00.000Z",start:"2025-09-24T16:00:00.000Z"},{end:"2025-09-26T00:00:00.000Z",start:"2025-09-25T16:00:00.000Z"},{end:"2025-09-27T00:00:00.000Z",start:"2025-09-26T16:00:00.000Z"},{end:"2025-09-28T00:00:00.000Z",start:"2025-09-27T16:00:00.000Z"}],earliest:"2025-09-22T15:30:00.000Z",latest:"2025-09-28T00:00:00.000Z"},event_start:"2025-09-22T15:30:00.000Z",event_end:"2025-09-28T00:00:00.000Z",timezone:"GMT",times:"Starts 22 Sep 2025 at 3:30 PM GMT (6 days)",meetings:["22 Sep 2025: 3:30 PM to 12:00 AM GMT","23 Sep 2025: 4:00 PM to 12:00 AM GMT","24 Sep 2025: 4:00 PM to 12:00 AM GMT","25 Sep 2025: 4:00 PM to 12:00 AM GMT","26 Sep 2025: 4:00 PM to 12:00 AM GMT","27 Sep 2025: 4:00 PM to 12:00 AM GMT"]}],userTimezone:"Africa/Abidjan"}],structuredSEOContent:{"@context":"http://schema.org/","@type":Z,name:tr,description:c0,educationalCredentialAwarded:e,educationalLevel:k,image:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt30b49455f589d225/SANS-Logo",offers:"Paid",provider:{"@type":"Organization",name:Oa,sameAs:Hr},url:"https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response/",hasCourseInstance:[{"@type":"CourseInstance",courseMode:"Online and In-person",courseWorkload:"6 days",instructor:{"@type":"Person",name:"Tarot (Taz) Wake",image:Hi}}]},hideCpes:a,worldRegions:[{display_title:"Americas",slug:"americas",subRegions:[{display_title:we,slug:"usa-and-canada",countries:[{uid:"blt1693af35afbbd19a",display_title:"United States",slug:"united-states",country_identifier_from_db:"US"},{uid:"blt86e781d09d6c4ccc",display_title:"Canada",slug:"canada",country_identifier_from_db:"CA"}]},{display_title:ve,slug:"latin-america",countries:[{uid:"blt969a55b520ec8429",display_title:"Argentina",slug:"argentina",country_identifier_from_db:"AR"},{uid:"bltfda67f0bae801d8e",display_title:st,slug:"brazil",country_identifier_from_db:"BR"},{uid:"blt7a8614206f1dd3b1",display_title:"Ecuador",slug:"ecuador",country_identifier_from_db:"EC"},{uid:"blt69b816b0048b51ad",display_title:"Mexico",slug:"mexico",country_identifier_from_db:"MX"}]}]},{display_title:"Asia Pacific",slug:"apac",subRegions:[{display_title:Te,slug:"australia-and-new-zealand",countries:[{uid:"blt688090062802a1f4",display_title:tt,slug:"australia",country_identifier_from_db:"AU"},{uid:"bltdbd66412ef385feb",display_title:"New Zealand",slug:"new-zealand",country_identifier_from_db:"NZ"}]},{display_title:ye,slug:"asia",countries:[{uid:"blt9fd38a0ab86b4298",display_title:vi,slug:"india",country_identifier_from_db:"IN"},{uid:"bltc2903d7a14801310",display_title:"Korea",slug:"korea",country_identifier_from_db:"KR"},{uid:"blt0c3aff1b655000fc",display_title:ot,slug:"singapore",country_identifier_from_db:"SG"},{uid:"bltce75bcbd0af40379",display_title:"Bangladesh",slug:"bangladesh",country_identifier_from_db:"BD"},{uid:"bltaac52fe284177beb",display_title:"Hong Kong",slug:"hong-kong",country_identifier_from_db:"HK"},{uid:"blt663421304da82aac",display_title:"Indonesia",slug:"indonesia",country_identifier_from_db:"ID"},{uid:"blt6e3bb08ede7ab932",display_title:"Malaysia",slug:"malaysia",country_identifier_from_db:"MY"},{uid:"bltbac2d97a53770c13",display_title:"Pakistan",slug:"pakistan",country_identifier_from_db:"PK"},{uid:"blt864befd2282760d2",display_title:"Philippines",slug:"philippines",country_identifier_from_db:"PH"},{uid:"blt77631de67da064a0",display_title:"Sri Lanka",slug:"sri-lanka",country_identifier_from_db:"LK"},{uid:"bltd4984eb0a967ad0b",display_title:"Thailand",slug:"thailand",country_identifier_from_db:"TH"}]},{display_title:it,slug:"japan",countries:[{uid:"blt35bc715fcd782907",display_title:it,slug:"japan",country_identifier_from_db:"JP"}]}]},{display_title:"Europe, Middle East & Africa",slug:"emea",subRegions:[{display_title:Ee,slug:"mainland-europe",countries:[{uid:"blt20abfc9baa53be80",display_title:lt,slug:"netherlands",country_identifier_from_db:"NL"},{uid:"blt3c582b57e84480ff",display_title:"Portugal",slug:"portugal",country_identifier_from_db:"PT"},{uid:"blt30d750b516c76d2a",display_title:"Spain",slug:"spain",country_identifier_from_db:"ES"},{uid:"blt4ebc2ab12089937c",display_title:"Austria",slug:"austria",country_identifier_from_db:"AT"},{uid:"blt9a97f82de472eae8",display_title:nt,slug:"belgium",country_identifier_from_db:"BE"},{uid:"blt08bbe01c11235378",display_title:"Bulgaria",slug:"bulgaria",country_identifier_from_db:"BG"},{uid:"blt5cba4c17105ffa72",display_title:"Croatia",slug:"croatia",country_identifier_from_db:"HR"},{uid:"blt2c5176f9edc06146",display_title:"Czech Republic",slug:"czech-republic",country_identifier_from_db:"CZ"},{uid:"blt18bdeb1e2e21df18",display_title:rt,slug:"france",country_identifier_from_db:"FR"},{uid:"blt6d4d3fa872ddd546",display_title:"Germany",slug:"germany",country_identifier_from_db:"DE"},{uid:"blt2af6f87ec57b5782",display_title:"Hungary",slug:"hungary",country_identifier_from_db:"HU"},{uid:"bltb5f5b91c57726b8b",display_title:"Italy",slug:"italy",country_identifier_from_db:"IT"},{uid:"blt4ee75d42b1e60561",display_title:"Luxembourg",slug:"luxembourg",country_identifier_from_db:"LU"},{uid:"blt8c004f5e860bf711",display_title:"Poland",slug:"poland",country_identifier_from_db:"PL"},{uid:"blte9fa32b9bf4f400b",display_title:"Romania",slug:"romania",country_identifier_from_db:"RO"},{uid:"blt4436e831be545e66",display_title:ct,slug:"switzerland",country_identifier_from_db:"CH"},{uid:"bltf17441ec72459e04",display_title:"Estonia",slug:"estonia",country_identifier_from_db:"EE"},{uid:"bltd3471da849acef0a",display_title:"Georgia",slug:"Georgia",country_identifier_from_db:"GE"}]},{display_title:"Middle East, Turkey, & Africa",slug:"middle-east-turkey-and-africa",countries:[{uid:"bltaa0950aeeb548fc9",display_title:"United Arab Emirates",slug:"united-arab-emirates",country_identifier_from_db:"AE"},{uid:"blt646583848cdeca14",display_title:"Morocco",slug:"morocco",country_identifier_from_db:"MA"},{uid:"blt2e7998ea0c7f4bba",display_title:"South Africa",slug:"south-africa",country_identifier_from_db:"ZA"},{uid:"blt5d11bd56a9d87f52",display_title:"Tunisia",slug:"tunisia",country_identifier_from_db:"TN"},{uid:"blta0b948ff6b3f9662",display_title:"Bahrain",slug:"bahrain",country_identifier_from_db:"BH"},{uid:"blt3002aa77210e271f",display_title:"Egypt",slug:"egypt",country_identifier_from_db:"EG"},{uid:"blt6b8e036ba4bc9253",display_title:"Kuwait",slug:"kuwait",country_identifier_from_db:"KW"},{uid:"blt265a07af9d75587d",display_title:"Lebanon",slug:"lebanon",country_identifier_from_db:"LB"},{uid:"blte5adc0760ff577bf",display_title:"Oman",slug:"oman",country_identifier_from_db:"OM"},{uid:"blt25bd825723e0411d",display_title:"Qatar",slug:"qatar",country_identifier_from_db:"QA"},{uid:"bltaf141478a80724c1",display_title:"Saudi Arabia",slug:"saudi-arabia",country_identifier_from_db:"SA"},{uid:"bltc166f6ab212661ac",display_title:"Turkey",slug:"turkey",country_identifier_from_db:"TR"},{uid:"blta6c8c5c4bf5cc7b1",display_title:"Yemen",slug:"yemen",country_identifier_from_db:"YE"},{uid:"blt55a09a4dea709e05",display_title:"Ghana",slug:"ghana",country_identifier_from_db:"GH"},{uid:"blt60e57b3477534ffa",display_title:"Kenya",slug:"kenya",country_identifier_from_db:"KE"}]},{display_title:Ce,slug:"united-kingdom-and-ireland",countries:[{uid:"blt6e0a7d6fafb3548e",display_title:pt,slug:"united-kingdom",country_identifier_from_db:"GB"},{uid:"bltb2b83e184c2f433e",display_title:"Ireland",slug:"ireland",country_identifier_from_db:"IE"}]},{display_title:Le,slug:"scandinavia",countries:[{uid:"blt02a98e15eb3a11fd",display_title:"Denmark",slug:"denmark",country_identifier_from_db:"DK"},{uid:"blt0eee9ebce039344f",display_title:"Norway",slug:"norway",country_identifier_from_db:"NO"},{uid:"blt0e4418865827c053",display_title:"Finland",slug:"finland",country_identifier_from_db:"FI"},{uid:"blt4454985484d70455",display_title:"Iceland",slug:"iceland",country_identifier_from_db:"IS"},{uid:"blt32e7d081e8c60add",display_title:"Sweden",slug:"sweden",country_identifier_from_db:"SE"}]}]}],trainingOptions:[{uid:"blt3f50bfddef119665",ACL:{},display_title:"In Person",legacy_id:15,order:3,slug:"in_person",tags:[],title:"In Person"},{uid:"blt94e1890bf0989d44",ACL:{},display_title:S,legacy_id:20,order:2,slug:"live_online",tags:[],title:S},{uid:"blt94f3e5849d16c3f8",ACL:{},display_title:"Web-based",legacy_id:125,order:1,slug:"web_based",tags:[],title:"Web-based"},{uid:"blt7d893d5f234074c6",ACL:{},display_title:p,legacy_id:25,order:1,slug:"ondemand",tags:[],title:p}],ondemand_presale_note:"Buy now for access on {{date}}. Use code Presale10 for 10% off course price!",_delivery_groups:[{id:"15",name:"In Person",url_name:"in_person",order:"3"},{id:"20",name:S,url_name:"live_online",order:"2"},{id:"25",name:p,url_name:"ondemand",order:"1"}],trainingFormats:[]},findTrainingImgBanner:{image:{large:Gi,small:Gi,alt:"CENTRAL_Find_Training_and_Testimonials_Banner_2.jpg"},title:"Find ways to take this course",titleTag:"h1",theme:"white",primaryButton:{label:qi,href:"https://www.sans.org/cyber-security-courses/?training-format=live_online&q=FOR577&msc=course-detail"},secondaryButton:{label:A,href:"https://www.sans.org/cyber-security-courses/?training-format=in_person&q=FOR577&msc=course-detail"}},assessment:P,breadcrumbs:[{label:"Home",href:d},{label:y,href:E},{label:tr}],catalog:R,testimonials:void 0,laptopRequirements:'<h5>Important - Bring Your System Configured Using These Directions</h5><p>A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.</p><p>As a summary, you can use any operating system that also can install and run VMware virtualization products. <strong>Please note, macOS computers with M1/M2/M3 chips are not currently supported and cannot run the virtual machines provided for this course.</strong></p><p>Please download and install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/fusion.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> or higher versions on your system before the start of the class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.</p><p>This is common sense, but we will say it anyway: Back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.</p><h5>Mandatory FOR577 System Hardware Requirements:</h5><ul><li>CPU: 64-bit Intel i5/i7 x64 2.0+ GHz (4th generation or above) processor or higher-based system is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)</li><li><strong>CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.</strong></li><li>BIOS settings must be set to enable virtualization technology, such as "Intel-VT." Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.</li><li>16 GB of RAM or more is required.</li><li>350GB of free storage space or more is required.</li><li><span></span>At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.</li><li><span>Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>PLEASE NOTE: Do NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide a custom FOR577 version specifically configured for training on Day 1 of the course.</span></li></ul><h5>Mandatory FOR577 System Software Requirements (Please install the following before the beginning of the class):</h5><ol><li>Install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank" rel="nofollow" class="external-link">VMware Fusion 7</a> (or a higher version)</li><li>Download and install <a href="https://7-zip.org/" target="_blank" rel="nofollow" class="external-link">7Zip</a> on your host.</li></ol><p><strong>Additional notes:</strong></p><ul><li>Your course media is delivered via download from the SANS "Course Material Downloads" page. The media files for class will be large, in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speeds vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.</li><li>SANS has begun providing printed materials in PDF form. This course uses an electronic workbook in addition to the PDFs. We have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.</li><li>Bring/install any other forensic tool you feel could be useful (EnCase, FTK, etc.). For the final challenge at the end of the course, you can utilize any forensic tool, including commercial capabilities. If you have any dongles, licensed software, you are free to use them.</li><li>Again, DO NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide you with a version specifically configured for the FOR577 materials on Day 1 of the course.</li></ul><p>If you have additional questions about the laptop specifications, please contact <a href="https://www.sans.org/about/contact/" target="_self">customer service</a>.</p>',prerequisites:zi,whatYouWillLearn:Yi,brochure:Bi,header:{authors:[{name:" Tarot (Taz) Wake ",position:"Certified Instructor",imgSrc:Hi,href:{href:"/profiles/tarot-wake",label:Vi,ariaLabel:Vi}}],certificate:P,description:Ji,tags:[{title:Xi,icon:ji},{title:qi,icon:Qi}],title:tr,demoLink:"https://www.sans.org/ondemand/get-demo/1450",registerLink:"/cyber-security-courses/linux-threat-hunting-incident-response/#register-now",buttonOverrides:{override_primary_button:a,override_secondary_button:a,primary_button:Ki,secondary_button:$i,overridePrimaryButton:a,overrideSecondaryButton:a},courseIndicator:{label:"New",color:"yellow"}},whoShouldAttend:e0,authorStatement:a0,syllabus:[{title:t0,description:"<h5>Overview</h5><p>Incident responders and threat hunters should be armed with the latest tools, techniques, and processes (TTPs) to identify, track, and contain advanced adversaries and to remediate incidents. It is important that our DFIR knowledge includes our own TTPs and those used by our adversaries. Section 1 introduces the fundamentals of incident response and then looks at the specific needs to carry out our duties in a Linux environment. The section starts by examining the reasons why we need incident response and presents SANS' six-step incident response methodology as it applies to an enterprise's response to a targeted attack. </p><p>This section will also introduce the Stark Skunkworks intrusion scenario, which sets the stage for our lab exercises and capstone challenge. This is followed by looking at how, as incident responders, we can use the Linux command line to our advantage and analyze common activity such as installing specific software packages. </p><p>We finish the section by looking at the importance of developing cyber threat intelligence to impact the adversaries' kill chain. We'll demonstrate forensic live response techniques and tactics that can be applied both to single systems and across the entire enterprise. </p><h5>Exercises</h5><ul><li>SIFT Workstation orientation</li><li>Situational awareness in incident response: Understanding Stark Skunkworks</li><li>Introduction to Linux commands and how to use them in Digital Forensics and Incident Response (DFIR)</li><li>Reviewing package management evidence</li><li>Threat intelligence and threat hunting</li></ul><h5>Topics</h5><ul><li>Why Incident Response Is Needed<ul><li>Who are our adversaries?</li><li><span>The current state of Linux intrusions</span></li></ul></li><li>The Incident Response Process<ul><li><span>Preparation: Key tools, techniques, and procedures that an incident response team needs to respond properly to intrusions</span></li><li><span>Identification/Scoping: Proper scoping of an incident and detecting all compromised systems in the enterprise</span></li><li><span>Containment/Intelligence Development: Restricting access, monitoring, and learning about the adversary in order to develop threat intelligence</span></li><li><span>Eradication/Remediation: Determining and executing key steps that must be taken to help stop the current incident and then move to real-time remediation</span></li><li><span>Recovery: Recording the threat intelligence to be used in the event of a similar adversary returning to the enterprise</span></li><li><span>Avoiding \"Whack-A-Mole\" Incident Response: Going beyond immediate eradication without proper incident scoping/containment</span></li></ul></li><li>SRL Skunkworks<ul><li><span>Introduction to the course scenario</span></li><li><span>Client background</span></li></ul></li><li>Introduction to Linux<ul><li><span>Linux basics</span></li><li><span>DFIR challenges</span></li><li><span>The distro problem</span></li><li><span>Linux terminal basics</span></li></ul></li><li>Package Management<ul><li><span>Distro differences</span></li><li><span>Package management tool differences</span></li><li><span>Manual analysis</span></li></ul></li><li>Threat Intelligence and Host-based Threat Hunting<ul><li><span>Hunting vs. reactive response</span></li><li><span>Intelligence-driven incident response</span></li><li><span>Building a continuous incident response/threat hunting capability</span></li><li><span>Forensic analysis versus threat hunting across endpoints</span></li><li><span>Threat hunt team roles</span></li></ul></li></ul>"},{title:n0,description:'<h5>Overview</h5><p align="left">Disk evidence collection and analysis skills are crucial for incident responders, forensic investigators, and threat hunters because they allow for identifying the source and scope of a security breach. Digital forensic experts need to collect and preserve data from disk storage devices such as hard drives, solid-state drives, and USB drives in order to determine how an attack occurred, what data was accessed or stolen, and who was responsible. Without this critical evidence, it is challenging to reconstruct the events leading up to the breach and determine the necessary steps to prevent similar incidents from happening in the future.</p><p align="left">Moreover, disk analysis skills help responders and investigators identify the type of malware or malicious code used in the attack. This information is essential to determine the tactics, techniques, and procedures used by the attackers and their motivations. By analyzing the data stored on disks, responders and investigators can identify suspicious files, unusual network traffic patterns, and other indicators of compromise. They can then use this information to develop countermeasures to mitigate the risk of further attacks.</p><p align="left">Fundamentally, the ability to collect evidence from disks is critical for DFIR because most digital evidence is stored on disk storage devices, making the devices an essential source of information for responders, investigators, and threat hunters. Even if you just need to collect log data, being able to collect it from a disk image opens up opportunities for a broad range of incident response solutions. In addition, disk storage devices often hold deleted files and other remnants of past activities, which can provide valuable clues to the sequence of events leading up to an incident.</p><p></p><h5>Exercises</h5><ul><li>Introduction to the Sleuth Kit </li><li>Reviewing filesystem data </li><li>Disk evidence collection</li><li>Reviewing operating system filesystems</li></ul><h5>Topics</h5><ul><li>The Sleuth Kit<ul><li><span>Introduction and the layers model</span></li><li><span>Filesystem layer tools</span></li><li><span>Filename layer tools</span></li><li><span>Metadata layer tools</span></li><li><span>Data units layer tools</span></li><li>Application layer tools</li></ul></li></ul><ul><li>Linux File Systems<ul><li>Overview</li><li>Basic structures - superblocks and inodes</li><li><span>Ext family</span></li><li><span>XFS family</span></li><li><span>Manually extracting data</span></li></ul></li><li>Disk Evidence Collection<ul><li><span>Physical vs. virtual systems</span></li><li>dd</li><li><span>dcfldd</span></li><li><span>dc3dd</span></li><li><span>Ewfacquire</span></li></ul></li><li>Image Mounting<ul><li><span>RAW/Simple files</span></li><li><span>E01 format evidence files</span></li><li><span>Complex files</span></li></ul></li><li>Operating System File Structures<ul><li><span>File system hierarchy</span></li><li><span>Boot file locations</span></li><li><span>Binary file locations</span></li><li><span>Configuration file locations</span></li><li><span>Devices and driver file locations</span></li><li><span>Shared libraries</span></li><li><span>User profiles</span></li><li><span>Optionally installed files</span></li><li><span>Temporary file locations</span></li><li><span>Runtime data</span></li></ul></li><li>File System Artifacts<ul><li><span>Hunting tips</span></li><li><span>Areas to investigate</span></li></ul></li></ul>'},{title:s0,description:"<h5>Overview</h5><p>Section 3 looks at how to use the data logged by the operating system to profile the device and analyze boot sequences, kernel activity, logins and user events. The section covers default log data, Auditd (although this isn't enabled by default on all Linux distros, you should definitely consider turning it on) and the Operating System Journal. </p><p>Log data is a fundamental evidence source for incident response and threat hunting. It allows investigators to understand what happened and when it happened. Using built-in capabilities, we can peel back the actions of our adversaries and, with well-configured logging, make it almost impossible for an attacker to completely hide from our investigation. Unfortunately, Linux logging can be significantly different from what we are used to -- especially if we have come from a Windows DFIR background. Significant issues faced by investigators include the different ways Linux distro's log data and a mix between UTC and local timestamps. This section will look at strategies you can implement to manage and mitigate these issues.</p><h5>Exercises</h5><ul><li>System and log profiling</li><li>Reviewing system logs</li><li>Analyzing authentication logs</li><li>Reviewing webserver logs</li><li>Reviewing database logs</li><li>AuditD logs the Journal</li></ul><h5>Topics</h5><ul><li>Device Profiling<ul><li><p>Evidence management</p></li><li><span>Confirm the device</span></li><li><span>Check time zones</span></li><li><span>Validate the distro</span></li></ul></li></ul><ul><li>Linux Logs<ul><li><span>Linux logging basics</span></li><li><span>Log analysis strategies</span></li><li><span>Syslog and Logrotate</span></li><li><span>Global system logs -- logging the kernel, boot processes, system messages and background services</span></li><li><span>Authentication logs -- authentication, privilege use, binary and plain text log formats</span></li><li><span>Application logs -- webservers, databases, filesharing and firewall logs</span></li></ul></li><li><p>Auditd</p><ul><li><span>Introduction</span></li><li><span>Log file format</span></li><li><span>Analysis techniques</span></li></ul></li></ul><ul><li>The Operating System Journal<ul><li><span>Introduction</span></li><li><span>How the journal works</span></li><li><span>What gets logged</span></li><li><span>Analysis techniques</span></li></ul></li></ul>"},{title:r0,description:'<h5>Overview</h5><p align="left">Section 4 expands on the knowledge we have built so far and introduces tools and techniques to respond to intrusions in larger enterprises. The section starts by looking at how to scale your response and some of the tools that can assist with this. This topic is then developed further as we move into Endpoint Detection and Response (EDR) solutions for the Linux environment and introduce two alternatives to expensive commercial EDR tools -- OSSEC and Velociraptor. We\'ll cover how to configure and deploy both tools, enabling you to make sure that all your Linux devices have good quality monitoring and response capabilities.</p><p align="left">Finally, this section looks at Linux memory structures and how to collect volatile data for analysis. Given that this can be a complex process, and that analytical tools today are still not what they should be, we also look at using live response techniques to view this data on a target system. This has the added benefit of being something we can leverage through EDR tools, reducing the time and bandwidth required to capture memory from systems where the installed RAM could be running in the hundreds of gigabytes.</p><p></p><h5>Exercises</h5><ul><li>EDR Tools</li><li>Capturing RAM</li><li>Live memory analysis</li></ul><h5>Topics</h5><ul><li>Enterprise Response<ul><li><span>Introduction</span></li><li><span>Problems and solutions</span></li><li><span>Tools to consider</span></li></ul></li><li>Endpoint Detection and Response (EDR)<ul><li><span>Introduction</span></li><li><span>Linux EDR issues</span></li><li><span>Alternatives to commercial EDR</span></li><li><span>OSSEC deployment and use</span></li><li><span>Velociraptor deployment and use</span></li></ul></li><li>Linux Memory and DFIR<ul><li><span>Why memory matters</span></li><li><span>Memory acquisition with AVML</span></li><li><span>Memory locations on the filesystem</span></li></ul></li><li>Live memory analysis<ul><li><span>Reviewing /proc</span></li><li><span>Live response workflow</span></li></ul></li></ul>'},{title:i0,description:'<h5>Overview</h5><p align="left">This course section builds on the previous sections by looking at how we can use our increased knowledge to enhance our incident response work. We start by looking at triage, which is essential for any modern incident response, especially in large enterprises. We introduce the concept of rapidly assessing systems to make quick decisions about which devices need further investigation. This approach allows us to quickly work through large environments and focus our investigative efforts where they provide maximum value. We\'ll also look at freely available tools that help facilitate triage and improve response times.</p><p align="left">The section then moves to looking at timeline generation. Timelines are arguably an incident responder\'s superpower, allowing you to uncover some of the deepest secrets about an attack. We will look at two basic methods for building timelines and how to analyze them effectively.</p><p align="left">Once we understand the timelines, we will look at how attackers try to defeat them, then examine the most common anti-forensic techniques and how incident responders can minimize their impact on the investigation. We close the section with a broad discussion on how to make incident response in Linux better.</p><p></p><h5>Exercises</h5><ul><li>Running triage tools</li><li>Triage assessment</li><li>Filesystem timelines</li><li>Super timeline creation</li><li>Super timeline analysis</li></ul><h5>Topics</h5><ul><li>Triage and DFIR Tools<ul><li><span>Introduction and concepts</span></li><li><span>Workflow</span></li><li><span>Collecting the data</span></li><li><span>Open-source triage tools</span></li><li><span>CyLR</span></li><li><span>GRR</span></li><li><span>Velociraptor offline collectors</span></li><li><span>Dissect</span></li><li><span>Triage with UAC</span></li><li><span>Build your own triage scripts</span></li></ul></li><li>Timelines<ul><li><span>Introduction</span></li><li><span>Types of timelines</span></li><li><span>Filesystem timeline creation and analysis</span></li><li><span>Super-timeline creation and analysis</span></li><li><span>Targeted timeline creation</span></li></ul></li><li>Anti-Forensics<ul><li><span>What to look for</span></li><li><span>Timestamp manipulation</span></li><li><span>Recovering deleted files</span></li></ul></li><li>Improving Incident Response<ul><li><span>Workflows</span></li><li><span>Hardening the environment</span></li></ul></li></ul>'},{title:l0,description:'<h5>Overview</h5><p>This incredibly rich and realistic Intrusion Forensic Challenge is based on a real-world advanced persistent threat (APT) group. It brings together techniques learned throughout the course and tests your newly acquired skills in a case that simulates an attack by an advanced adversary. The challenge is based on a real intrusion into a Linux enterprise environment. You will be asked to uncover how the systems were compromised in the initial intrusion, find other systems the adversary moved to laterally, and identify intellectual property stolen via data exfiltration. This capstone exercise will enable you to leave the course with hands-on experience investigating realistic attacks, curated by a cadre of instructors with decades of experience fighting advanced threats from attackers ranging from nation-states to financial crime syndicates and hactivist groups.</p><h5>Topics</h5><ul><li>Work in incident response teams to analyze multiple systems in an enterprise network</li><li>Learn to identify and track attacker actions across a multi-device environment finding initial exploitation, reconnaissance, persistence, privilege escalation, lateral movement, and data theft/exfiltration</li><li>Witness and participate in a team-based approach to incident response</li><li>Discover evidence of some of the most common and sophisticated attacks in the wild, including custom nation-state malware.</li><li>Each team will be asked to answer key questions, just as they would during a real breach in their organizations, in critical areas outlined below:</li></ul><h6>Identification and Scoping:</h6><ul><li>When did the APT group breach our network?</li><li>How did the attackers get into the environment?</li><li>What systems were compromised?</li><li>What accounts and privileges did the attackers attain on each system?</li><li>When and how did the attackers first laterally move to each system?</li></ul><h6>Containment and Threat Intelligence Gathering:</h6><ul><li>Once on other systems, what did the attackers look for on each system?</li><li>What data was exfiltrated and how? Determine what was stolen (recover any archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data) and perform damage assessments.</li><li>Collect and list all malware used in the attack.</li><li>Develop and present security intelligence or an indicator of compromise for the APT group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?</li></ul><h6>Remediation and Recovery:</h6><ul><li>What accounts need password changes? Did any malicious accounts get created?</li><li>Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?<ul><li><span>What systems need to be rebuilt?</span></li><li><span>What IP addresses need to be blocked?</span></li><li><span>What countermeasures should we deploy to slow or stop these attackers if they come back?</span></li><li><span>What recommendations would you make to detect these intruders in our network again?</span></li></ul></li></ul>'}],cpeCredits:36,noticeBox:e,giac:{title:P,description:e,exists:a,type:e,url:"https://www.giac.org/certificationsnull"},relatedPrograms:[],waysToLearn:[{text:"Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.",tag:{title:p,icon:Qi},order:"1",linkData:{linkText:"Register Now",trainingFormat:"ondemand",context:Br,label:R}},{text:"The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch. ",tag:{title:S,icon:"fa-live-online"},order:"2",linkData:{linkText:"View Available Dates & Time Zones",trainingFormat:"live_online",context:Br,label:R}},{text:"Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings. ",tag:{title:Xi,icon:ji},order:"3",linkData:{linkText:"View Available Dates & Locations",trainingFormat:"in_person",context:Br,label:R}}],justificationLetterURL:"https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt34981ff64188901a/660683e518980f44f7201995/SANS_Justify_Training_FOR577.docx",extendedOverview:e,canRegister:!0,video:e,hasDemo:!0,hideCpes:a,overridePrimary:a,overrideSecondary:a,overrideButtons:{primary:Ki,secondary:$i}},courseSpecifics:[{uid:"blt6f576d75de14c40b",ACL:{},author_statement:a0,course_brochure:{is_dir:a,uid:"bltc0b4fe7e481696e2",ACL:{},content_type:"application/pdf",description:e,file_size:"124110",filename:o0,parent_uid:"bltcbf36a9b50cf15b8",tags:[],title:o0,url:Bi},intro:Ji,labs:e,laptop_requirements:'<h5>Important - Bring Your System Configured Using These Directions</h5><p>A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.</p><p>As a summary, you can use any operating system that also can install and run VMware virtualization products. <strong>Please note, macOS computers with M1/M2/M3 chips are not currently supported and cannot run the virtual machines provided for this course.</strong></p><p>Please download and install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/fusion.html" target="_blank">VMware Fusion 7</a> or higher versions on your system before the start of the class. If you do not own a licensed copy of VMware Workstation or Fusion, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial on its website.</p><p>This is common sense, but we will say it anyway: Back up your system before class. Better yet, do not have any sensitive data stored on the system. SANS cannot be responsible for your system or data.</p><h5>Mandatory FOR577 System Hardware Requirements:</h5><ul><li>CPU: 64-bit Intel i5/i7 x64 2.0+ GHz (4th generation or above) processor or higher-based system is mandatory for this class (Important - Please Read: a 64-bit system processor is mandatory)</li><li><strong>CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot in any way be used for this course.</strong></li><li>BIOS settings must be set to enable virtualization technology, such as "Intel-VT." Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.</li><li>16 GB of RAM or more is required.</li><li>350GB of free storage space or more is required.</li><li><span></span>At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.</li><li><span>Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom. Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>Local Administrator Access is required. This is absolutely required. Don\'t let your IT team tell you otherwise. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.</span></li><li><span>PLEASE NOTE: Do NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide a custom FOR577 version specifically configured for training on Day 1 of the course.</span></li></ul><h5>Mandatory FOR577 System Software Requirements (Please install the following before the beginning of the class):</h5><ol><li>Install <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Workstation 15</a> or <a href="https://www.vmware.com/products/workstation-pro.html" target="_blank">VMware Fusion 7</a> (or a higher version)</li><li>Download and install <a href="https://7-zip.org/" target="_blank">7Zip</a> on your host.</li></ol><p><strong>Additional notes:</strong></p><ul><li>Your course media is delivered via download from the SANS "Course Material Downloads" page. The media files for class will be large, in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speeds vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.</li><li>SANS has begun providing printed materials in PDF form. This course uses an electronic workbook in addition to the PDFs. We have found that a second monitor and/or a tablet device can be useful for keeping the class materials visible while the instructor is presenting or while you are working on lab exercises.</li><li>Bring/install any other forensic tool you feel could be useful (EnCase, FTK, etc.). For the final challenge at the end of the course, you can utilize any forensic tool, including commercial capabilities. If you have any dongles, licensed software, you are free to use them.</li><li>Again, DO NOT use the version of the SIFT Workstation downloaded from the Internet. We will provide you with a version specifically configured for the FOR577 materials on Day 1 of the course.</li></ul><p>If you have additional questions about the laptop specifications, please contact <a href="https://www.sans.org/about/contact/" target="_self">customer service</a>.</p>',notice_box:e,overview:Yi,overview_tipdowns:[],prerequisites:zi,pricing_intro:e,show_unused_fields:a,syllabus:[{section_name:t0,_metadata:{uid:"csc26cc4a2f1678f06"},cpe_credits:6,section_overview:"<p>Incident responders and threat hunters should be armed with the latest tools, techniques, and processes (TTPs) to identify, track, and contain advanced adversaries and to remediate incidents. It is important that our DFIR knowledge includes our own TTPs and those used by our adversaries. Section 1 introduces the fundamentals of incident response and then looks at the specific needs to carry out our duties in a Linux environment. The section starts by examining the reasons why we need incident response and presents SANS' six-step incident response methodology as it applies to an enterprise's response to a targeted attack. </p><p>This section will also introduce the Stark Skunkworks intrusion scenario, which sets the stage for our lab exercises and capstone challenge. This is followed by looking at how, as incident responders, we can use the Linux command line to our advantage and analyze common activity such as installing specific software packages. </p><p>We finish the section by looking at the importance of developing cyber threat intelligence to impact the adversaries' kill chain. We'll demonstrate forensic live response techniques and tactics that can be applied both to single systems and across the entire enterprise. </p>",section_exercises:"<ul><li>SIFT Workstation orientation</li><li>Situational awareness in incident response: Understanding Stark Skunkworks</li><li>Introduction to Linux commands and how to use them in Digital Forensics and Incident Response (DFIR)</li><li>Reviewing package management evidence</li><li>Threat intelligence and threat hunting</li></ul>",section_topics:'<ul><li>Why Incident Response Is Needed<ul><li>Who are our adversaries?</li><li><span>The current state of Linux intrusions</span></li></ul></li><li>The Incident Response Process<ul><li><span>Preparation: Key tools, techniques, and procedures that an incident response team needs to respond properly to intrusions</span></li><li><span>Identification/Scoping: Proper scoping of an incident and detecting all compromised systems in the enterprise</span></li><li><span>Containment/Intelligence Development: Restricting access, monitoring, and learning about the adversary in order to develop threat intelligence</span></li><li><span>Eradication/Remediation: Determining and executing key steps that must be taken to help stop the current incident and then move to real-time remediation</span></li><li><span>Recovery: Recording the threat intelligence to be used in the event of a similar adversary returning to the enterprise</span></li><li><span>Avoiding "Whack-A-Mole" Incident Response: Going beyond immediate eradication without proper incident scoping/containment</span></li></ul></li><li>SRL Skunkworks<ul><li><span>Introduction to the course scenario</span></li><li><span>Client background</span></li></ul></li><li>Introduction to Linux<ul><li><span>Linux basics</span></li><li><span>DFIR challenges</span></li><li><span>The distro problem</span></li><li><span>Linux terminal basics</span></li></ul></li><li>Package Management<ul><li><span>Distro differences</span></li><li><span>Package management tool differences</span></li><li><span>Manual analysis</span></li></ul></li><li>Threat Intelligence and Host-based Threat Hunting<ul><li><span>Hunting vs. reactive response</span></li><li><span>Intelligence-driven incident response</span></li><li><span>Building a continuous incident response/threat hunting capability</span></li><li><span>Forensic analysis versus threat hunting across endpoints</span></li><li><span>Threat hunt team roles</span></li></ul></li></ul>'},{section_name:n0,_metadata:{uid:"cs3324e2ba55c595f4"},cpe_credits:6,section_overview:'<p align="left">Disk evidence collection and analysis skills are crucial for incident responders, forensic investigators, and threat hunters because they allow for identifying the source and scope of a security breach. Digital forensic experts need to collect and preserve data from disk storage devices such as hard drives, solid-state drives, and USB drives in order to determine how an attack occurred, what data was accessed or stolen, and who was responsible. Without this critical evidence, it is challenging to reconstruct the events leading up to the breach and determine the necessary steps to prevent similar incidents from happening in the future.</p><p align="left">Moreover, disk analysis skills help responders and investigators identify the type of malware or malicious code used in the attack. This information is essential to determine the tactics, techniques, and procedures used by the attackers and their motivations. By analyzing the data stored on disks, responders and investigators can identify suspicious files, unusual network traffic patterns, and other indicators of compromise. They can then use this information to develop countermeasures to mitigate the risk of further attacks.</p><p align="left">Fundamentally, the ability to collect evidence from disks is critical for DFIR because most digital evidence is stored on disk storage devices, making the devices an essential source of information for responders, investigators, and threat hunters. Even if you just need to collect log data, being able to collect it from a disk image opens up opportunities for a broad range of incident response solutions. In addition, disk storage devices often hold deleted files and other remnants of past activities, which can provide valuable clues to the sequence of events leading up to an incident.</p><p></p>',section_exercises:"<ul><li>Introduction to the Sleuth Kit </li><li>Reviewing filesystem data </li><li>Disk evidence collection</li><li>Reviewing operating system filesystems</li></ul>",section_topics:"<ul><li>The Sleuth Kit<ul><li><span>Introduction and the layers model</span></li><li><span>Filesystem layer tools</span></li><li><span>Filename layer tools</span></li><li><span>Metadata layer tools</span></li><li><span>Data units layer tools</span></li><li>Application layer tools</li></ul></li></ul><ul><li>Linux File Systems<ul><li>Overview</li><li>Basic structures - superblocks and inodes</li><li><span>Ext family</span></li><li><span>XFS family</span></li><li><span>Manually extracting data</span></li></ul></li><li>Disk Evidence Collection<ul><li><span>Physical vs. virtual systems</span></li><li>dd</li><li><span>dcfldd</span></li><li><span>dc3dd</span></li><li><span>Ewfacquire</span></li></ul></li><li>Image Mounting<ul><li><span>RAW/Simple files</span></li><li><span>E01 format evidence files</span></li><li><span>Complex files</span></li></ul></li><li>Operating System File Structures<ul><li><span>File system hierarchy</span></li><li><span>Boot file locations</span></li><li><span>Binary file locations</span></li><li><span>Configuration file locations</span></li><li><span>Devices and driver file locations</span></li><li><span>Shared libraries</span></li><li><span>User profiles</span></li><li><span>Optionally installed files</span></li><li><span>Temporary file locations</span></li><li><span>Runtime data</span></li></ul></li><li>File System Artifacts<ul><li><span>Hunting tips</span></li><li><span>Areas to investigate</span></li></ul></li></ul>"},{section_name:s0,_metadata:{uid:"csfb6e6001aec63247"},cpe_credits:6,section_overview:"<p>Section 3 looks at how to use the data logged by the operating system to profile the device and analyze boot sequences, kernel activity, logins and user events. The section covers default log data, Auditd (although this isn't enabled by default on all Linux distros, you should definitely consider turning it on) and the Operating System Journal. </p><p>Log data is a fundamental evidence source for incident response and threat hunting. It allows investigators to understand what happened and when it happened. Using built-in capabilities, we can peel back the actions of our adversaries and, with well-configured logging, make it almost impossible for an attacker to completely hide from our investigation. Unfortunately, Linux logging can be significantly different from what we are used to -- especially if we have come from a Windows DFIR background. Significant issues faced by investigators include the different ways Linux distro's log data and a mix between UTC and local timestamps. This section will look at strategies you can implement to manage and mitigate these issues.</p>",section_exercises:"<ul><li>System and log profiling</li><li>Reviewing system logs</li><li>Analyzing authentication logs</li><li>Reviewing webserver logs</li><li>Reviewing database logs</li><li>AuditD logs the Journal</li></ul>",section_topics:"<ul><li>Device Profiling<ul><li><p>Evidence management</p></li><li><span>Confirm the device</span></li><li><span>Check time zones</span></li><li><span>Validate the distro</span></li></ul></li></ul><ul><li>Linux Logs<ul><li><span>Linux logging basics</span></li><li><span>Log analysis strategies</span></li><li><span>Syslog and Logrotate</span></li><li><span>Global system logs -- logging the kernel, boot processes, system messages and background services</span></li><li><span>Authentication logs -- authentication, privilege use, binary and plain text log formats</span></li><li><span>Application logs -- webservers, databases, filesharing and firewall logs</span></li></ul></li><li><p>Auditd</p><ul><li><span>Introduction</span></li><li><span>Log file format</span></li><li><span>Analysis techniques</span></li></ul></li></ul><ul><li>The Operating System Journal<ul><li><span>Introduction</span></li><li><span>How the journal works</span></li><li><span>What gets logged</span></li><li><span>Analysis techniques</span></li></ul></li></ul>"},{section_name:r0,_metadata:{uid:"csd564325e54ad98d3"},cpe_credits:6,section_overview:'<p align="left">Section 4 expands on the knowledge we have built so far and introduces tools and techniques to respond to intrusions in larger enterprises. The section starts by looking at how to scale your response and some of the tools that can assist with this. This topic is then developed further as we move into Endpoint Detection and Response (EDR) solutions for the Linux environment and introduce two alternatives to expensive commercial EDR tools -- OSSEC and Velociraptor. We\'ll cover how to configure and deploy both tools, enabling you to make sure that all your Linux devices have good quality monitoring and response capabilities.</p><p align="left">Finally, this section looks at Linux memory structures and how to collect volatile data for analysis. Given that this can be a complex process, and that analytical tools today are still not what they should be, we also look at using live response techniques to view this data on a target system. This has the added benefit of being something we can leverage through EDR tools, reducing the time and bandwidth required to capture memory from systems where the installed RAM could be running in the hundreds of gigabytes.</p><p></p>',section_exercises:"<ul><li>EDR Tools</li><li>Capturing RAM</li><li>Live memory analysis</li></ul>",section_topics:"<ul><li>Enterprise Response<ul><li><span>Introduction</span></li><li><span>Problems and solutions</span></li><li><span>Tools to consider</span></li></ul></li><li>Endpoint Detection and Response (EDR)<ul><li><span>Introduction</span></li><li><span>Linux EDR issues</span></li><li><span>Alternatives to commercial EDR</span></li><li><span>OSSEC deployment and use</span></li><li><span>Velociraptor deployment and use</span></li></ul></li><li>Linux Memory and DFIR<ul><li><span>Why memory matters</span></li><li><span>Memory acquisition with AVML</span></li><li><span>Memory locations on the filesystem</span></li></ul></li><li>Live memory analysis<ul><li><span>Reviewing /proc</span></li><li><span>Live response workflow</span></li></ul></li></ul>"},{section_name:i0,_metadata:{uid:"cs61c2486f017eee76"},cpe_credits:6,section_overview:'<p align="left">This course section builds on the previous sections by looking at how we can use our increased knowledge to enhance our incident response work. We start by looking at triage, which is essential for any modern incident response, especially in large enterprises. We introduce the concept of rapidly assessing systems to make quick decisions about which devices need further investigation. This approach allows us to quickly work through large environments and focus our investigative efforts where they provide maximum value. We\'ll also look at freely available tools that help facilitate triage and improve response times.</p><p align="left">The section then moves to looking at timeline generation. Timelines are arguably an incident responder\'s superpower, allowing you to uncover some of the deepest secrets about an attack. We will look at two basic methods for building timelines and how to analyze them effectively.</p><p align="left">Once we understand the timelines, we will look at how attackers try to defeat them, then examine the most common anti-forensic techniques and how incident responders can minimize their impact on the investigation. We close the section with a broad discussion on how to make incident response in Linux better.</p><p></p>',section_exercises:"<ul><li>Running triage tools</li><li>Triage assessment</li><li>Filesystem timelines</li><li>Super timeline creation</li><li>Super timeline analysis</li></ul>",section_topics:"<ul><li>Triage and DFIR Tools<ul><li><span>Introduction and concepts</span></li><li><span>Workflow</span></li><li><span>Collecting the data</span></li><li><span>Open-source triage tools</span></li><li><span>CyLR</span></li><li><span>GRR</span></li><li><span>Velociraptor offline collectors</span></li><li><span>Dissect</span></li><li><span>Triage with UAC</span></li><li><span>Build your own triage scripts</span></li></ul></li><li>Timelines<ul><li><span>Introduction</span></li><li><span>Types of timelines</span></li><li><span>Filesystem timeline creation and analysis</span></li><li><span>Super-timeline creation and analysis</span></li><li><span>Targeted timeline creation</span></li></ul></li><li>Anti-Forensics<ul><li><span>What to look for</span></li><li><span>Timestamp manipulation</span></li><li><span>Recovering deleted files</span></li></ul></li><li>Improving Incident Response<ul><li><span>Workflows</span></li><li><span>Hardening the environment</span></li></ul></li></ul>"},{section_name:l0,_metadata:{uid:"cs560140f03b8f9c52"},cpe_credits:6,section_overview:"<p>This incredibly rich and realistic Intrusion Forensic Challenge is based on a real-world advanced persistent threat (APT) group. It brings together techniques learned throughout the course and tests your newly acquired skills in a case that simulates an attack by an advanced adversary. The challenge is based on a real intrusion into a Linux enterprise environment. You will be asked to uncover how the systems were compromised in the initial intrusion, find other systems the adversary moved to laterally, and identify intellectual property stolen via data exfiltration. This capstone exercise will enable you to leave the course with hands-on experience investigating realistic attacks, curated by a cadre of instructors with decades of experience fighting advanced threats from attackers ranging from nation-states to financial crime syndicates and hactivist groups.</p>",section_exercises:e,section_topics:'<ul><li>Work in incident response teams to analyze multiple systems in an enterprise network</li><li>Learn to identify and track attacker actions across a multi-device environment finding initial exploitation, reconnaissance, persistence, privilege escalation, lateral movement, and data theft/exfiltration</li><li>Witness and participate in a team-based approach to incident response</li><li>Discover evidence of some of the most common and sophisticated attacks in the wild, including custom nation-state malware.</li><li>Each team will be asked to answer key questions, just as they would during a real breach in their organizations, in critical areas outlined below:</li></ul><h6>Identification and Scoping:</h6><ul><li>When did the APT group breach our network?</li><li>How did the attackers get into the environment?</li><li>What systems were compromised?</li><li>What accounts and privileges did the attackers attain on each system?</li><li>When and how did the attackers first laterally move to each system?</li></ul><h6>Containment and Threat Intelligence Gathering:</h6><ul><li>Once on other systems, what did the attackers look for on each system?</li><li>What data was exfiltrated and how? Determine what was stolen (recover any archives exfiltrated, find encoding passwords, and extract the contents to verify extracted data) and perform damage assessments.</li><li>Collect and list all malware used in the attack.</li><li>Develop and present security intelligence or an indicator of compromise for the APT group "beacon" malware for both host- and network-based enterprise scoping. What specific indicators exist for the use of this malware?</li></ul><h6>Remediation and Recovery:</h6><ul><li>What accounts need password changes? Did any malicious accounts get created?</li><li>Based on the attacker techniques and tools discovered during the incident, what are the recommended steps to remediate and recover from this incident?<ul><li><span>What systems need to be rebuilt?</span></li><li><span>What IP addresses need to be blocked?</span></li><li><span>What countermeasures should we deploy to slow or stop these attackers if they come back?</span></li><li><span>What recommendations would you make to detect these intruders in our network again?</span></li></ul></li></ul>'}],tags:[],teaser:c0,title:"FOR577_I01_01",who_should_attend:e0}],dataLayer:{siteName:"SANS.org",contentId:"blt0609678cd3a3d8ac",contentType:Z,contentTitle:tr,contentTopics:e,contentFocusAreas:["Digital Forensics, Incident Response & Threat Hunting"]},sticky:a,stickyNavAnchors:{"What You Will Learn":p0,"Course Syllabus":d0,"GIAC Certification":"giac-certification",Prerequisites:u0,"Laptop Requirements":m0,"Author Statement":_0,Testimonials:"testimonials","Training & Pricing":f0},stickyNavLinks:[{anchor:p0,url:"/cyber-security-courses/linux-threat-hunting-incident-response#what-you-will-learn",title:"What You Will Learn",hide:a},{anchor:d0,url:"/cyber-security-courses/linux-threat-hunting-incident-response#course-syllabus",title:"Syllabus",hide:a},h0,{anchor:m0,url:"/cyber-security-courses/linux-threat-hunting-incident-response#laptop-requirements",title:"Laptop Requirements",hide:a},{anchor:_0,url:"/cyber-security-courses/linux-threat-hunting-incident-response#author-statement",title:"Author Statement",hide:a},{anchor:f0,url:"/cyber-security-courses/linux-threat-hunting-incident-response#register-now",title:"Training & Pricing",hide:a}],prerequisitesLink:h0,metainfo:{browser_title:"FOR577: Linux Incident Response & Threat Hunting | SANS Institute",meta_description:"FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat-hunting techniques to find even the stealthiest attacker.",social_image:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf9dc0da8d0b3a77a/65f857e996251b7c0971ff1e/FOR577_Curriculum_Course_Social_Cards_DFIR-Final-Keyobard-Generic.jpg"},dataLayerContext:"course-detail",canonical:"https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response",siteConfig:D,structuredData:{"@context":"http://schema.org/","@type":Z,name:tr,description:c0,educationalCredentialAwarded:e,educationalLevel:k,image:"https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt30b49455f589d225/SANS-Logo",offers:"Paid",provider:{"@type":"Organization",name:Oa,sameAs:Hr},url:"https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response/",hasCourseInstance:[{"@type":"CourseInstance",courseMode:"Online and In-person",courseWorkload:"6 days",instructor:{"@type":"Person",name:"Tarot (Taz) Wake",image:Hi}}]},currencyNotes:{GBP:"*Prices exclude applicable taxes | EUR price available during checkout",USD:Vr,EUR:Vr,AUD:Vr},dynamicListingTopBtn:{title:"Learn about Group Pricing",href:"/about/contact/sales/?msc=course-page-link"}}],fetch:{},error:P,state:{"dynamic-listing":{filters:{},perPage:10,sortBy:"ascending_&_display_date",content:[],dateRange:{defaultDatesEnabled:a,startDateProps:{id:"startDate",dateDefault:"2024-12-01",state:P,disabled:!0},endDateProps:{id:"endDate",dateDefault:"2025-12-01",state:P,disabled:!0},filterFunc:{},enabled:a},currentPage:1,totalEntries:100,searchTerm:e}},serverRendered:!0,routePath:"/linux-threat-hunting-incident-response",config:{siteConfig:D,_app:{basePath:E,assetsPath:"/cyber-security-courses/_nuxt/",cdnURL:P}}}}("",!1,"Normal","Overview","Industrial Control Systems","Cloud Security","Cyber Defense","Cybersecurity Leadership","Offensive Operations","Artificial Intelligence","OnDemand","/","Middle East & Africa","OUCH! Newsletter","Summits","Scholarships","Blog","Posters & Cheat Sheets","White Papers","Courses","Primary Mega Nav Item","/industrial-control-systems-security/","/cyber-security-courses/","Leadership Job Roles","Cyber Ranges","Community Nights","Contact","Careers","/about/","/security-awareness-training/career-development/","Advanced","In-Person","Live Online","Learn More","Security Awareness Training","EndUser Training","Phishing Platform","Developer Training","ICS Engineer Training","IT Administrator","NERC CIP Training","Role-based PCI DSS Compliance Training","Security Essentials for Business Leaders and Managers ","Workforce Risk Management Fundamentals for AI","Knowledge Assessment","Culture Assessment","Health Care","Industrial Control Systems Security","Military","/cybersecurity-leadership/","Cybersecurity and IT Essentials","DFIR","Open-Source Intelligence","New to Cyber","Essentials","Expert","Cyber Defense Job Roles","Offensive Operations Job Roles","DFIR Job Roles","Cloud Job Roles","ICS Job Roles","Oversight and Governance","Design and Development","Implementation and Operation","Protection and Defense","Investigation","Cyberspace Intelligence","Cyberspace Effects","Asia","Australia & New Zealand","Latin America","Mainland Europe","Scandinavia","United Kingdom & Ireland","United States & Canada","Wait Just An Infosec"," Cybersecurity Leadership","SANS Threat Analysis Rundown (STAR)","NewsBites","@RISK","Blueprint","Trust Me, I'm Certified","Cloud Ace","Wait Just an Infosec","Focus Areas","Open-Source Intelligence (OSINT)","Our Mission","/about/contact/","/security-resources/","/mission/","Our Founder","Awards","Customer Reviews","Trade Events","Press","Policies and Procedures","Specialized","Risk Assessments","/newsletters/ouch/","Training & Courses","Professional Credential","Assessments","Private Training","By Industry","Leadership Courses","Executive Cybersecurity Exercises","Leadership Simulation Game","Full Course List","By Focus Areas","By Skill Levels","Training Formats","/ondemand/","Skills Roadmap","Focus Area Job Roles","NICE Framework","European Skills Framework","Events Overview","In-Person Event Locations","Live Online Events List","/cyber-security-summit/","Degree and Certificate Programs","/cyber-academy/","Free Training & Resources","Webinars","Live Streams","Free Events Overview","Solutions Forums","Newsletters","Podcasts","Summit Presentations","Internet Storm Center","Security Policies","Digital Forensics & Incident Response","Our Instructors","Full Instructor List","Diversity","Contact Customer Service","Contact Sales","Press & Media Enquiries","Join the Community","SANS","/security-awareness-training/","/security-awareness-training/products/security-awareness-solutions/","/enterprise-solutions/","/cyber-security-training-overview/","/cyber-security-skills-roadmap/","/cyber-security-training-events/?training-formats=in_person,live_online&event-types=summit,training_event&per-page=100","/cybersecurity-careers/","/webcasts/","/mlp/free-cybersecurity-events/","/posters/","/white-papers/","/information-security-policy/","/cloud-security/","/cyber-defense/","/digital-forensics-incident-response/","/offensive-operations/","/instructors/","/get-involved/",null,"Australia","Belgium","Brazil","France","Japan","Netherlands","Singapore","Switzerland","United Kingdom","Security Awareness","Products & Services","Career Development","Partners","Reports & Case Studies","For Organizations","Group Purchasing","Build Your Team","Leadership Training","Train and Certify","Free Course Demos","/course-preview/","Training Roadmaps","GIAC Certifications","Training Events & Summits","Get Started in Cyber","/cyber-ranges/","Resources","Webcasts","Content","Research","Tools","About","Instructors","Mission","Frequent Asked Questions","/mlp/careers/","Digital Forensics","Security Policy Project","Degree Programs","Certifications","Do Not Sell/Share My Personal Information","Terms and Conditions","Privacy Policy","Account Dashboard","Log Out","Partner Portal","Sponsorship Opportunities","Partnerships","CISO Network","Teach for SANS","Work Study","Get Involved","/about/contact/sales/","/security-awareness-training/products/security-awareness-solutions/end-user/","/security-awareness-training/products/security-awareness-solutions/phishing/","/security-awareness-training/products/specialized-training/developer/","/security-awareness-training/products/specialized-training/ics-engineer/","/security-awareness-training/products/security-awareness-solutions/it-admin/","/security-awareness-training/products/specialized-training/nerc-cip/","/security-awareness-training/products/security-awareness-solutions/pci-dss/","/security-awareness-training/products/specialized-training/essentials-for-business-leaders/","/security-awareness-training/products/specialized-training/workforce-risk-management-fundamentals-ai/","/security-awareness-training/products/cyber-risk-insight-suite/knowledge/","/security-awareness-training/products/cyber-risk-insight-suite/culture/","/healthcare-cybersecurity/","/dod/","/cyber-security-courses/?focus-area=ai","/cyber-security-courses/?focus-area=cloud-security","/cyber-security-courses/?focus-area=cyber-defense","/cyber-security-courses/?focus-area=cyber-security-it-essentials","/cyber-security-courses/?focus-area=leadership","/cyber-security-courses/?focus-area=digital-forensics","/cyber-security-courses/?focus-area=industrial-control-systems-security","/cyber-security-courses/?focus-area=offensive-operations","/cyber-security-courses/?focus-area=open-source-intelligence","/cyber-security-courses/?skill-level=new-to-cyber","/cyber-security-courses/?skill-level=essentials","/cyber-security-courses/?skill-level=advanced","/cyber-security-courses/?skill-level=expert","/mlp/in-person-training/","/mlp/live-online-training/","/job-roles-roadmap/cyber-defense/","/job-roles-roadmap/offensive-operations/","/job-roles-roadmap/digital-forensics-incident-response/","/job-roles-roadmap/cloud/","/job-roles-roadmap/industrial-control-systems/","/job-roles-roadmap/leadership/","/nice-framework/oversight-governance/","/nice-framework/design-development/","/nice-framework/implementation-operation/","/nice-framework/protection-defense/","/nice-framework/investigation/","/nice-framework/cyberspace-intelligence/","/nice-framework/cyberspace-effects/","/nice-framework/industrial-control-systems/","/cyber-security-training-events/?location=asia&per-page=50","/cyber-security-training-events/?location=australia-and-new-zealand&per-page=50","/cyber-security-training-events/?location=latin-america&per-page=50","/cyber-security-training-events/?location=mainland-europe&per-page=50","/cyber-security-training-events/?location=middle-east-turkey-and-africa&per-page=50","/cyber-security-training-events/?location=scandinavia&per-page=50","/cyber-security-training-events/?location=united-kingdom-and-ireland&per-page=50","/cyber-security-training-events/?location=usa-and-canada&per-page=50","/mlp/wait-just-an-infosec/","/cybersecurity-leadership/live-streams/","/mlp/star-webcast/","/newsletters/newsbites/","/newsletters/at-risk/","/podcasts/blueprint/","https://www.giac.org/podcasts/","/podcasts/cloud-ace/","/podcasts/wait-just-an-infosec/","/account/","/account/create","/about/our-founder/","/about/awards/","/customer-reviews/","/mlp/trade-events/","/press/","/legal","SANS Sites","/security-awareness-training/products/specialized-training/","/security-awareness-training/products/cyber-risk-insight-suite/","/security-awareness-training/career-development/credential/","/cybersecurity-assessments/","/private-training/","/industries/","/cyber-security-courses/?focus-area=security-management-legal-audit","/cybersecurity-leadership/executive-cybersecurity-exercises/","/cybersecurity-leadership/cyber42/","/cybersecurity-courses/","Courses Overview","/cyber-security-courses/?focus-area=ai,cloud-security,cyber-defense,cyber-security-it-essentials,digital-forensics,industrial-control-systems-security,open-source-intelligence,leadership,offensive-operations,security-management-legal-audit,open-source-intelligence","/cyber-security-courses/?skill-level=new-to-cyber,essentials,advanced,expert","/cyber-security-training-formats/","Course Demos","/job-roles-roadmap/","/nice-framework/","/ecsf-framework/","/cyber-security-events/","/cyber-security-training-events/?training-formats=live_online","https://www.sans.edu/academics/launch-your-cybersecurity-career/","/cyberaces/","/mlp/live-streams/","/mlp/free-cybersecurity-events/#sponsored-events","/mlp/community-night-events/","Workshops","/workshops/","/newsletters/","/blog/","/podcasts/","/presentations/","/ai/","/osint/","/profiles/instructors/","/about/diversity/","/about/contact/press-enquiries/","Account","Join","Log In","Job Tools","Register to Learn","FOR577: LINUX Incident Response and Threat Hunting™","FOR577","/au_en/","/be_en/","/br_pt/","/fr_fr/","/jp_ja/","/mlp/middle-east-turkey-africa/","/nl_en","/sg_en/","/ch_en","/uk_en/?msc=utility-nav","Secondary Header Root","Talk with an expert","/blog/?focus-area=security-awareness","/security-awareness-training/partners/","/security-awareness-training/resources/reports/","/group-purchasing/","/build-your-team/","Train and Certify Overview","/cyber-security-certifications/","Resources Overview","Free Cybersecurity Events","Summits & Forums","https://isc.sans.edu/","/tools/","/cybersecurity-focus-areas/","/frequently-asked-questions/","https://www.sans.edu/","https://www.giac.org/certifications/","/legal/do-not-share-sell/","/legal/terms-conditions/","/legal/privacy/","/account/logout/","https://partnerportal.sans.org/","/sponsorship/","/partnerships/","/mlp/ciso-network/","/teach/","/work-study-program/","Footer Secondary Root","Footer Primary Root","Primary Header Root","Secondary Header Account Root","Course Page","https://www.sans.org","*Prices exclude applicable local taxes","sans-header-slim-mega-menu","<p><span>Increase your staff’s cyber awareness, help them change their behaviors, and reduce your organizational risk</span></p>","2024 Security Awareness Report","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1733d7a8ff26d5ad/6273dce39dfd5f30d076efa0/290x100_mega_nav3_security_awareness.jpg","<p>Embedding a Strong Security Culture</p>","https://www.sans.org/security-awareness-training/resources/reports/sar/","<p>Build a world-class cyber team with our workforce development programs.</p>","SANS CISO Primer: 4 Cyber Trends","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf47dc15d424f72e4/6273dce39dad2234e4d02e02/290x100_mega_nav9_manage_your_team.jpg","<p>This CISO Primer highlights four major cybersecurity trends SANS experts believe will move the needle for CISOs in 2024.<br /></p>","https://www.sans.org/mlp/zero-trust-white-paper/","<p><span>Immediately apply the skills and techniques learned in SANS courses, ranges, and summits</span></p>","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blte8be34fc229589b9/6273dce3941a2939d3d00f0e/290x100_mega_nav_train_and_certify.jpg","<p>Free course demos allow you to see course content, watch world-class instructors in action, and evaluate course difficulty.</p>","AI Security Essentials Role-Based Training","/security-resources/?msc=main-nav","<span>Enhance your skills with access to thousands of free resources, 150+ instructor-developed tools, and the latest cybersecurity news and analysis</span>","Browse Here","/security-resources/?msc=nav-teaser","Security Policy Templates","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt08fed20a2b957c76/6273dce36ed4423afc98e390/290x100_mega_nav4_resources.jpg","<p>In collaboration with security subject-matter experts, SANS has developed a set of security policy templates for your use.</p>","/information-security-policy/?msc=nav-teaser","<p><span>Learn more about how SANS empowers and educates current and future cybersecurity practitioners with knowledge and skills.</span></p>","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb48ea6f22e3c9a94/6273dce3d2794936634fa557/290x100_mega_nav7_about_us.jpg","<p>To empower current and future cybersecurity practitioners around the world with immediately useful knowledge and capabilities, we deliver industry-leading community programs, resources and training.</p>","/account/login","India","<p><span>Help keep the cyber community one step ahead of threats. Join the SANS community or begin your journey of becoming a SANS Certified Instructor today.</span></p>","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltbe97e5485d2294e7/6273dce33debbf3afdd2d898/290x100_mega_nav_get_involved.jpg","<p>Membership of the SANS.org Community grants you access to cutting edge cyber security news, training, and free tools that can't be found elsewhere.</p>","/account/create/","Investigate","Collect and Operate","Analyze","Protect and Defend","Oversee and Govern","Operate and Maintain","Security Provisionals","Purple Team","Why Work with SANS","SANS Technology Institute","GIAC Security Certifications","Training Roadmap","Behavioral Risk Assessment","Hire Cyber Professionals","Team Development","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt3d3a7be41c430878/5f36fa7ad9a24d7c67e518b8/CENTRAL_Find_Training_and_Testimonials_Banner_2.jpg","Online",'<p align="left">FOR577 is an advanced incident response course that focuses on the Linux operating system. We do not cover basic forensic techniques or introductory attacker techniques. Students are not expected to have detailed understanding of Linux, but it is strongly recommended that they have at least the level of knowledge provided by the SANS SEC401 or SEC406 courses.</p>',"<p>FOR577: Linux Threat Hunting & Incident Response provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including advanced persistent threat (APT) nation-state adversaries, organized crime syndicates, and hactivism. Constantly updated, the course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases.</p><p>FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The concepts taught are built on common foundations in that we gather evidence, analyze it, and make decisions based on this analysis, all the while focusing on the specifics of the Linux platform. By using the tools built into the SANS SIFT Workstation, the course provides an all-inclusive solution that enables responders to quickly and effectively react to sophisticated intrusions.</p><p>During the course you will work through a number of exercises culminating in a final capstone, challenge built around a realistic attack with endpoint evidence, log data, and other artifacts you will encounter during day-to-day incident response activities. You will uncover evidence of an advanced threat actor working through a multiple-phase attack, going from reconnaissance to initial intrusion, then moving laterally throughout the organization's network. During the capstone you will bring together everything you have learned during the course and present your findings and recommendations on how security can be improved.</p><h3>You Will Be Able To</h3><ul><li>Use the tools, techniques, and procedures necessary to effectively hunt, detect, and contain a variety of adversaries and to remediate incidents</li><li>Hunt through and perform incident response on Linux systems using the SIFT Workstation</li><li>Identify and track malware beaconing outbound to its command and control (C2) channel via analytical techniques.</li><li>Determine how the breach occurred by identifying the beachhead and spear phishing attack mechanisms</li><li>Track user and attacker activity second-by-second on the system you are analyzing through in-depth timeline and super-timeline analysis</li><li>Identify lateral movement and pivots within your enterprise, showing how attackers transition from system to system without detection.</li><li>Track data movement as the attackers collect critical data and shift those data to exfiltration collection points</li><li>Recover and analyze archives and archive files (.rar, .tar, etc.) used by APT-like attackers to exfiltrate sensitive data from the enterprise network</li><li>Use collected data to perform effective remediation across the entire enterprise.</li></ul><h3>Business Takeaways</h3><ul><li>Understand attacker tradecraft in order to perform proactive compromise assessments</li><li>Upgrade detection capabilities by having a better understanding of novel attack techniques and available forensic artifacts, and by focusing on critical attack paths</li><li>Develop threat intelligence to track targeted adversaries and prepare for future intrusion events</li><li>Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects for use in both internal and external investigations.</li></ul><h3>Course Topics</h3><ul><li>Advanced use of a wide range of best-of-breed open-source tools in the SIFT Workstation to perform incident response and digital forensics</li><li>Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists</li><li>Threat hunting techniques that will aid in quicker identification of breaches</li><li>Rapid incident response analysis and breach assessment</li><li>An incident response and intrusion forensics methodology</li><li>Evidence collection, including disk and memory, during incident response and threat hunting</li><li>Internal lateral movement analysis and detection</li><li>Rapid and deep-dive timeline creation and analysis</li><li>Adversary threat intelligence development, indicators of compromise, and usage</li><li>Cyber-kill chain strategies</li><li>Step-by-step tactics and procedures to respond to and investigate intrusion cases</li></ul><h3>What You Will Receive With This Course</h3><ul><li>SIFT Workstation</li></ul><p>This course uses the SIFT Workstation extensively to teach incident responders and forensic analysts how to investigate and respond to sophisticated attacks. The workstation contains hundreds of free and open-source tools, easily matching any modern forensic and incident response commercial response tool suite. A virtual machine is used with many of the hands-on class exercises. Features of the SIFT Workstation include:</p><ul><li><span>Ubuntu Linux LTS base</span></li><li><span>64-bit base system</span></li><li><span>Better memory utilization</span></li><li><span>Auto-DFIR package update and customizations</span></li><li><span>Latest forensics tools and techniques</span></li><li><span>VMware Appliance ready to tackle forensics</span></li><li><span>Cross-compatibility between Linux and Windows</span></li><li><span>Expanded file system support (NTFS, HFS, EXFAT, and more)</span></li></ul><ul><li>Electronic Download Package<ul><li>Case images (disk and memory) from systems compromised by an APT intrusion</li><li><span>SIFT Workstation virtual machines, tools, and documentation</span><span></span><span></span></li><li>Exercise book is over 250 pages long with detailed step-by-step instructions and examples to help you become a master incident responder.</li></ul></li></ul>","https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc0b4fe7e481696e2/6722229838db44a6b0bce57d/SANS_Institute_FOR577_Brochure.pdf","https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blta2d39252163fc73d/5f4c3913d3f9000eac80c048/Taz_Wake_2.png","Read More","<p>FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases. 23 hands-on labs</p>","In Person <span>(6 days)</span>","fa-in-person","fa-on-demand",{},{},"<ul><li>Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised Linux systems found in most enterprises today</li></ul><ul><li>Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft</li><li>Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of Linux incident response techniques and the unusual situations this operating system can create</li><li>Experienced Security Operations Center Analysts who want to expand their understanding of how to examine attacker activity on Linux platforms.</li><li>Information Security Professionals who may encounter data breach incidents and intrusions on Linux platforms</li><li>Federal Agents and Law Enforcement Professionals who want to master analysis of adversary behavior on Linux-based operating systems</li><li>Red Team Members, Penetration Testers, and Exploit Developers who want to learn how their opponents can identify their actions, how common mistakes can compromise operations on remote systems, and how to avoid those mistakes. This course covers remote system forensics and data collection techniques that can be easily integrated into post-exploit operating procedures and exploit-testing batteries.</li><li>SANS SEC401, SEC450, SEC504 and SEC500 Graduates looking to take their skills to the next level.</li><li>SANS SEC508 Graduates looking to learn how to adapt their skills to a different operating system.</li></ul>","<p>\"Linux is a mainstream operating system found in almost every enterprise. It is used to host critical services and store sensitive personal and financial data, and it powers the underlying infrastructure we use on a day-to-day basis, making it a high-value target for our adversaries. Additionally, there is often a perception that Linux is 'more secure' than other operating systems, which results in less thorough security tool coverage. These two elements combine to make Linux intrusions both increasingly common and harder for our Security Operations Center/Incident Response teams to fully respond to. In one recent incident, attackers installed a persistence mechanism in a company's firewall that remained undiscovered during Windows-focused response and remediation activities.</p><p>\"All cybersecurity defenders need to have the knowledge to deal with attacks on every platform in our environments. This means it is essential to understand how to collect and analyze digital evidence from Linux systems to determine the extent of the damage and identify the root cause of an incident. By analyzing the digital evidence, defenders can identify indicators of compromise and determine the tools, techniques, and processes used by the attacker. This information can be used to develop countermeasures and prevent similar attacks from occurring in the future.\" </p><p>-Taz Wake</p>","LINUX Incident Response And Analysis","Disk Analysis and Evidence Collection","LINUX Logging and Log Analysis","Live Response and Volatile Data","Advanced Incident Response Techniques","The APT Incident Response Challenge","SANS_Institute_FOR577_Brochure.pdf","FOR577 teaches the skills needed to identify, analyze, and respond to attacks on Linux platforms and how to use threat hunting techniques to find the stealthy attackers who can bypass existing controls. The course addresses today's incidents by teaching the hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to combat real-world breach cases. 23 hands-on labs","Course","what-you-will-learn","course-syllabus","prereqs","laptop-requirements","author-statement","register-now",{},{})</script><script src="/cyber-security-courses/_nuxt/40df9f2.js" defer></script><script src="/cyber-security-courses/_nuxt/215e82d.js" defer></script><script src="/cyber-security-courses/_nuxt/390ee57.js" defer></script><script src="/cyber-security-courses/_nuxt/a097c55.js" defer></script><script src="/cyber-security-courses/_nuxt/9cff839.js" defer></script> <script src="https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9"></script> <script type="text/javascript" src="/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=3&cb=1193429161" async></script></body> </html>