IR228: Incident Response Integration of Cyber Threat Intelligence

#1742757: IR228: Incident Response Integration of Cyber Threat Intelligence

Description:	IR228 is a full-day, scenario-based course that strengthens incident response operations through the applied use of cyber threat intelligence (CTI). The course integrates mitigation and persistence analysis with CTI operationalization to support containment, eradication, and recovery decisions during cyber incidents. Participants analyze persistence mechanisms used by advanced threat actors, evaluate mitigation and recovery options, and apply CTI to prioritize and coordinate response actions. Using a live cyber range scenario, learners investigate registry abuse, scheduled tasks, and living-off-the-land techniques, then translate findings into actionable response plans. The course incorporates CISA’s Eviction Strategies Tool, including Playbook-NG and COUN7ER, to demonstrate how incident findings and CTI directly inform response execution. Participants map adversary behaviors to MITRE ATT&CK®, identify mitigation gaps, and generate threat-informed response and eviction playbooks using Playbook-NG. IR228 is designed for incident responders seeking to operationalize CTI as a decision-support capability across the incident response lifecycle.
More info:	https://cisa.webex.com/webappng/sites/cisa/webinar/webinarSeries/register/5dbe21cbbaf64d2ab71c01108de004b2

Description:

IR228 is a full-day, scenario-based course that strengthens incident response operations through the applied use of cyber threat intelligence (CTI). The course integrates mitigation and persistence analysis with CTI operationalization to support containment, eradication, and recovery decisions during cyber incidents.

Participants analyze persistence mechanisms used by advanced threat actors, evaluate mitigation and recovery options, and apply CTI to prioritize and coordinate response actions. Using a live cyber range scenario, learners investigate registry abuse, scheduled tasks, and living-off-the-land techniques, then translate findings into actionable response plans.

The course incorporates CISA’s Eviction Strategies Tool, including Playbook-NG and COUN7ER, to demonstrate how incident findings and CTI directly inform response execution. Participants map adversary behaviors to MITRE ATT&CK®, identify mitigation gaps, and generate threat-informed response and eviction playbooks using Playbook-NG.

IR228 is designed for incident responders seeking to operationalize CTI as a decision-support capability across the incident response lifecycle.

More info:

https://cisa.webex.com/webappng/sites/cisa/webinar/webinarSeries/register/5dbe21cbbaf64d2ab71c01108de004b2

Date added	June 22, 2026, 2:07 p.m.
Source	Webex
Subjects	Incident Response / Incident Handling PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
Venue	July 21, 2026, midnight - July 21, 2026, midnight