This covers the second half of the ICS 612 course. On Morning 4 we picked up with the reaminder of the day 3 material, so basically more architecture and networking solutions. We did some work with a data historian and explored remote access a bit more.
After completing that material we moved right into System Management. This was pretty tools centric with some time spent on the ELK stack then on pushing that data into Integrity (formerly Sophia). We also spent time using Cyberlens and the Dragos suite as well as Indegy. The day closed out with discussions of ICS change management and ICS patch management.
Day 5 was a blast, the instructors borked our setups and we had to troubleshoot the issues and restore fuctionality. That was the first half of the morning. Then we did a CTF until lunch which was fairly challenging, but not exceptionally so. (I placed 4th out of 20 and I am a moron so...). Thae afternoon was spent providing feedback on the course and grinding coffee, which was the simulated business.
Overall this course was really good, of course most SANS Training is. Everything went far smoother than I expected for a beta course. I highly recommend this course, especially if you can couple it with some of the training from Threatgen which covers some of the areas like risk assessment that this course, as a mainly hands-on offering doesn't really delve into.