
Training: Crisis Management, Logging Policy Workshop

Reference: CERT-WPJ

Duration: 1 day

Audience: CISOs, system administrators, SOC analysts

Prerequisites: Basic knowledge of IT administration and security.

Introduction:
An effective logging policy is the foundation of robust security monitoring and speeds up incident investigations. This workshop draws on the field experience of CERT Intrinsec to identify the common weaknesses revealed by the incidents it has handled, in particular failures to detect attacks early (exfiltration, data encryption). Participants will learn how to configure logging tailored to attacker techniques (MITRE ATT&CK), covering proxy, firewall, EDR, Sysmon, and Active Directory sources.

Educational Objectives

  • Understand the impact of inadequate logging on incident detection and response.
  • Identify the critical logs for each attack scenario (drive-by, phishing, exploitation of public-facing services).
  • Implement practical recommendations: minimum log sizes (1-2 GB for workstations/servers), key Event IDs (4688, 4104, Sysmon 1), and enabling PowerShell and Sysmon logging.
  • Evaluate and prioritize log sources (SIEM, DNS, authentication Event IDs 4624/4625).

Detailed Program

  • Breakfast & round table (30 min)
  • Context and Lessons Learned (1h30): analysis of CERT incidents showing logging failures.
  • Break (15 min)
  • Practical Recommendations (30 min): minimum configuration, points of attention (log volumes, default mechanisms), hands-on workshops.
  • Lunch break (1 hour)
  • PART 1 Attack Scenarios and Key Logs (1h30): drive-by compromise (proxy/firewall/Sysmon), exploitation of public-facing services (WAF/EDR), phishing (PowerShell 4104), persistence/discovery (4688).
  • Break (15 min)
  • PART 2 Attack Scenarios and Key Logs (1h30): drive-by compromise (proxy/firewall/Sysmon), exploitation of public-facing services (WAF/EDR), phishing (PowerShell 4104), persistence/discovery (4688).
  • Conclusion and Q&A (30 min): personalized action plan, SIEM integration.

Maximum number of participants: 6 to 8

Offer subject to conditions: a minimum of 4 participants is required.

Why choose Intrinsec?

Trainers directly from CERT, SOC and GRC Intrinsec

Real-life case studies based on actual incidents handled in 10+ sectors

Full alignment with your tools, repositories, and environment typology

Methodology based on MITRE ATT&CK, DFIR, NIST, ISO

Possible integration into your HR/ISO compliance/internal campus programs

Would you like to register for our logging policy workshop?