Affordable Incident Response Training

For the purposes of this site, “affordable” means under $1,000 (US).

I will try to keep up with price changes; however, the prices listed here may not always be accurate.

| Name | Platform / Instructor | Price (USD) | Price Frequency | Topics |
|---|---|---|---|---|
| Hands-On Incident Response Fundamentals | Pluralsight - Ryan Chapman | 29 | Monthly (there are also $299 and $449 yearly options) | Defining Incident Response, Common Incident Response Tasks, Analyzing Files, Base64, Threat Intelligence, IOCs |
| Operationalizing Cyber Threat Intel: Pivoting & Hunting | Pluralsight - Ryan Chapman | 29 | Monthly (there are also $299 and $449 yearly options) | Cyber Threat Intelligence (CTI), IOC Extraction, IOC Pivoting, IOC Hunting, Intel Management |
| Security Event Triage Path | Pluralsight - Various Instructors | 29 | Monthly (there are also $299 and $449 yearly options) | Analyzing Network, Application, Machine & Endpoint Data, TTPs, KSAs, Tools, Detecting Malicious Traffic, Monitoring Assets and Topology, Detecting Anomalies, Statistical Baselining with SIEM Data |
| Streamlining Your Incident Response Process with Splunk | Pluralsight - Aaron Rosenmund and Ryan Chapman | 29 | Monthly (there are also $299 and $449 yearly options) | Introduction to Splunk, Log Data, Aggregation, Splunk Resources, Using Splunk. Note: in addition to this one, there are many Splunk courses on Pluralsight, including certification paths. |
| Investigation Theory | Applied Network Defense - Chris Sanders | 647 | One Time | Mental Models for Approaching an Investigation, Interpreting Evidence, Asking Investigative Questions, Open Source Intel, Strategies for Tracking the Investigation Process, Finding Leads Without Alerts, Recognizing Negative Bias, Reporting |
| ELK for Security Analysis | Applied Network Defense - Chris Sanders | 497 | One Time | Elasticsearch, Logstash, Kibana, Beats, JSON, Collecting and Manipulating Structured and Unstructured Data, Searching Data, Building Dashboards, Building Data Pipelines, Logs, NetFlow, IDS Alerts, CSV Files |
| Building Virtual Labs | Applied Network Defense - Tony Robinson | 197 | One Time | A choose-your-own-adventure style course: you pick whether to build a lab around Snort, Suricata, or Splunk. IDS/IPS, SIEM, Log Aggregation. |
| Practical Threat Hunting | Applied Network Defense - Chris Sanders | 647 | One Time | Hunting Frameworks, MITRE ATT&CK, Common Types of Anomalies, Effective Note Taking, ELK, Hands-On Threat Hunting Labs |
| Practical Packet Analysis | Applied Network Defense - Chris Sanders | 797 | One Time | How Networking Works at the Packet Level, Interpreting Packet Data, Wireshark, Filters, Network Protocols, Application Layer Protocols, Packet Carving Techniques, How Malware Communicates on the Network |
| Osquery for Security Analysis | Applied Network Defense - Josh Brower | 397 | One Time | Crafting SQL Queries, Interrogating Processes to Determine Whether They Are Malicious, Uncovering Persistence and Lateral Movement, MITRE ATT&CK, Kolide, ELK Stack, Generating Alerts |
| Intrusion Detection with Suricata | Applied Network Defense - Open Information Security Foundation | 497 | One Time | Installing and Configuring Suricata, Techniques for Capturing Network Data, Rules, EveBox, jq, Alerts |
| Demystifying Regular Expressions | Applied Network Defense - Darrel Rendell | 197 | One Time | How to Apply Regex, Building and Testing Regular Expressions, Writing Host-Based Detection with YARA, grep, Snort Rules, Matching Host Logs in SIEMs |
| Project Ares | Circadence | 90 | Per Month (there is also a $900 annual option) | A hands-on, gamified learning platform with paths that include Cyber Defense Analyst. There are also battle rooms covering forensics, Linux, and scripting, as well as games for learning protocols, regex, and the Cyber Kill Chain. |
| LetsDefend | LetsDefend | 15 | Per Month | A SOC simulation environment including alerts, case management, log search, endpoint security, and threat intelligence. Save 15% right now using code DFND15; proceeds from that code go to the Innocent Lives Foundation. |
| Mastering Wireshark (Video) | Packt | 9.99 | Per Month (for everything on Packt); there is also a one-time $124.99 purchase option for this course | Network Forensics, Wireshark Customization, Capturing and Examining Traffic, Analyzing Network Protocols, Analyzing Application Protocols, Command Line Tools, Expanding & Troubleshooting Wireshark |
| An Introduction to Network Analysis | Security Blue Team | 26.71 | One Time | Networking 101, Wireshark, tcpdump, PCAP Analysis |
| Introduction to Threat Hunting | Security Blue Team | 26.71 | One Time | Threat Hunting Explained, IOCs, Hunting for Malware, Hashing, Mandiant Redline, File Properties |
| Blue Team Level 1 (Training and Certification) | Security Blue Team | 601.07 | One Time (price includes training and two BTL1 certification exam attempts) | Security Fundamentals, Phishing Analysis, Threat Intelligence, Digital Forensics, Incident Response, SIEM |
| Hands-On Incident Response Analysis | Packt - Suni Gupta | 9.99 | Per Month (for everything on Packt); there is also a $124.99 one-time purchase option for the course | Incident Response Strategy Formulation, Communication, Containment, Documentation, Forensics and Eradication, Detecting and Preventing Attacks, Handling Malicious Code, Insider Threats |
| Introduction to Malware Analysis for Incident Responders | Packt - Jason Dion | 9.99 | Per Month (for everything on Packt); there is also a $188.99 one-time purchase option for the course | Symptoms and Activities, Types of Malware, Infection Vectors, Malware Analysis, FlareVM |
| Incident Handler Career Path | Cybrary | 49.50 | Per Month (there is also a $299 per year option) | Incident Response Steps, Incident Response Planning, Implementing an Incident Response, Log Correlation & Analysis, Recovery, Chain of Custody, Documentation, Legal Concerns |
| SOC Analyst 1, 2, and 3 Career Paths | Cybrary | 49.50 | Per Month (there is also a $299 per year option) | Threat Intelligence, Log Analysis, Wireshark, Cryptography, Attack Mitigation, Splunk, SIEM, Incident Response, Digital Forensics, Intrusion Detection, Reverse Engineering |
| The Complete Splunk Enterprise Certified Admin Course | Udemy - Adam Frisbee | 29.99 | One Time | Splunk Admin Basics, License Management, Configuration Files, Indexes, User Management, Authentication Management, Getting Data In, Distributed Search, Forwarders, Monitor Inputs, Network and Scripted Inputs, Agentless Inputs, Fine-Tuning Inputs, Parsing Phase and Data, Manipulating Raw Data |
| The Complete Splunk Beginner Course | Udemy - Adam Frisbee | 29.99 | One Time (prices on Udemy change, but they run sales often) | Setting Up a Splunk Environment, Creating Reports and Dashboards, Understanding SPL (Search Processing Language), Building Datasets and Data Models |
| MDFIR - Certified DFIR Specialist | Mossé Cyber Security Institute | 450 | One Time | File Analysis, Windows Forensics, Memory Forensics, Application Forensics, Network Forensics, Malware Analysis, Enterprise Investigations, Threat Intelligence, Writing Digital Forensics and Incident Reports |
| MBT - Certified Blue Teamer | Mossé Cyber Security Institute | 450 | One Time | Deploy and Manage Incident Mitigation Strategies and Tools, Investigate and Contain Security Intrusions on Windows Systems, Analyze Suspicious Binaries and Malware Samples, Identify Unknown Attacks, Produce Threat Intelligence, Write Custom Tools |
| MTH - Certified Threat Hunter | Mossé Cyber Security Institute | 450 | One Time | Capturing Logs in Large-Scale Computer Networks, Using Python to Hunt for IOCs, Using YARA to Hunt for Malicious Binaries at Scale, Performing Deep-Dive Digital Forensics Investigations, Writing Rapid Incident Response Reports |
| Blue Team Boot Camp: Defending Against Hackers | CodeRed | 24.99 | Per Month (there is also a $249 per year option; both options include access to all courses on CodeRed) | Risk Analysis, Threat Intelligence, Cyber Kill Chain, Endpoint Security, EDR, Windows Hardening, osquery, PowerShell, WMI, Linux Hardening, ClamAV, chkrootkit, HIDS on Linux, MITRE ATT&CK, Network Security, Firewalls, VLANs, Proxy Servers, Log Aggregation & Correlation, Windows Logs, Linux Logs |
| SOC Analyst Prep Workshop | Cover6 Solutions - Tyrone Wilson | 199 | One Time | Threat Management, Vulnerability Management, Cyber Incident Response, Security Architecture and Tool Sets. This is a live, virtual workshop; dates vary. |
| CompTIA CySA+ Training | Dion Training | 399 | One Time | CySA+ Training, Practice Exams, and Hands-On Labs |
| Cyber Defense Path | TryHackMe | 10 | Per Month | Security Operations and Monitoring, Threat Emulation, Incident Response, Forensics, Malware Analysis and Reverse Engineering |
| CyberChef for Security Analysts | Applied Network Defense | 397 | One Time | CyberChef, Character Encoding and Encryption, Data Formatting and Parsing, Defeating Malware Obfuscation, Log File and Forensic Analysis Techniques, Image Manipulation, HTTP Requests, JSON Data |
| INE - Incident Handling & Response | INE - Dimitrios Bougioukas | 49 | Monthly (there are also $499 and $749 per year options) | Incident Handling & Response Overview, Network Traffic & Flow Analysis, Practical Incident Handling, SOC 3.0 Operations & Analytics |
| Cyber Security Incident Response: WannaCry Ransomware | Udemy - Balazs Lendvay | 39.99 | One Time | Investigating WannaCry Behavior, Triage and Identifying IOCs, Static Analysis, Creating a Summary Report of the Incident |
| Blue Team Labs Online | Blue Team Labs Online | 20.72 | Monthly | Incident Response, Digital Forensics, Phishing |
| RangeForce | RangeForce | 200 | One Time (approximate student price; around $1,500 for non-students) | Security Operations, Suricata, Snort, YARA, Regular Expressions, Digital Forensics, Reverse Engineering, SIEM, SOAR, Splunk, Malware Analysis |
| Analyzing Network Traffic with Wireshark | Pluralsight | 29 | Monthly | Getting Started with Wireshark, Analyzing Network Protocols, TCP Analysis, Intermediate Wireshark Features, Visualizing Network Traffic, Using Wireshark Command Line Tools |
| Cisco Certified CyberOps Associate Path | Pluralsight - Joe Abraham | 29 | Monthly | Security Concepts, Host-Based Analysis, Security Monitoring, Network Intrusion Analysis, Policies and Procedures |
| Threat Hunting with YARA | Pluralsight - Cristian Pascariu | 29 | Monthly | How Signature Detection Works, YARA Rules, Defining Patterns, Installing YARA, Setting Up an Analysis Environment, Generating Rules with yarGen, Writing Detection Rules, Analyzing Memory Artifacts with YARA, Detecting Threats Across the Network |
| IBM QRadar Incident Detection and Response Path | Pluralsight - Ricardo Reimao | 29 | Monthly | Incident Detection and Investigation with QRadar |
| Managing and Responding to Security Events Using Azure Sentinel | Pluralsight - Muhammad Sajid | 29 | Monthly | Getting Data into Azure Sentinel and Using Workbooks, Threat Detection Using Analytics, Managing and Investigating Incidents, SOAR, Security Playbooks, APIs |
| Business Email Compromise | Pluralsight - Tyler Hudak | 29 | Monthly | Business Email Compromise (BEC); BEC Prevention, Detection, and Response |
| Network Analysis with Arkime | Pluralsight - Josh Stroschein | 29 | Monthly | Getting Started with Arkime, Analyzing Phishing Traffic, Identifying Malware Command and Control, Developing Techniques for Detecting Data Exfiltration, Detecting Malware Use of TLS Connections |
| Detection Engineering with Sigma | Applied Network Defense - Josh Brower | 397 | One Time | Detection Engineering Process, Structure of Sigma Rules, SOC Prime Sigma UI Plugin for Kibana, sigmac, Writing Your Own Detection Rules from Familiar Log Sources Such as Windows Events, Zeek Logs, Sysmon Logs, AWS CloudTrail Logs, and more |
| MCSI CyZone Bootcamp | Mossé Cyber Security Institute | 300 | Per Month | A bootcamp combining red teaming/pen testing and DFIR practical training: file analysis, memory forensics, malware analysis, YARA, threat hunting, reverse engineering, incident response challenges, and playbooks |
| 1 Day Forensics and Prevention Mastery Course | CQure Academy | 599 | One Time (there is also a $799 option with a certificate) | Introduction to Incident Response and Handling, System and Network Security Mechanisms, Handling Malicious Code Incidents, Securing Monitoring Operations, Forensics Basics, Attack Prevention |
| Cloud Incident Response & Forensics | Cloud Academy | 39 | Per Month (there is also a $399 per year option) | Cloud Forensics, Cloud Incident Response, Forensic Analysis Report, Log Analysis, Docker |