CNIT 50: Network Security Monitoring
Spring 2019
Sam Bowne
Description

Learn modern, powerful techniques to inspect and analyze network traffic, so you can quickly detect abuse and attacks and respond to them. This class covers the configuration and use of Splunk, the industry standard for network security monitoring. This class helps to prepare for the Splunk Core Certified User certification.

Course Justification

Firewalls and antivirus are not enough to protect modern computer networks: abuse and attacks are common and cannot be prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand. This course is part of the Advanced Cybersecurity Certificate.

Textbook

There is no textbook for this class. Instead, we will use this free online course:

Quizzes and Canvas

The quizzes are multiple-choice, online, and open-book. They are hosted on my Canvas server, along with the project scores. Study the textbook chapter and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts.

Live Streaming

You can attend class remotely using Zoom at https://zoom.us/j/4108472927
Schedule

| Date | Due | Topic |
|---|---|---|
| Sat 1-19 | | 1 - What is Machine Data; 2 - What is Splunk; 3 - Installing Splunk; 4 - Getting Data In |
| Sat 2-9 | Quizzes 1-2, 3-4, 5, 6; Mod 3-5 due | 5 - Basic Searching; 6 - Using Fields |
| Sat 2-23 | CLASS POSTPONED TO 3-9 | |
| Sat 3-9 | Mod 6 & 8 due | 7 - Best Practices; 8 - SPL Fundamentals; 9 - Transforming Commands |
| Sat 3-16 | Quizzes 7-8, 9, 10, 11-12; Mod 9-11 due | 10 - Reports and Dashboards; 11 - Pivot and Datasets; 12 - Lookups |
| Sat 4-6 | Quiz 13; Mod 12 due | 13 - Scheduled Reports and Alerts |
| Sat 4-27 | CTF Competition in SCIE 37 | |
| Wed 5-15 - Wed 5-22 | Final Exam available online throughout the week. You can only take it once. | |

* Quizzes are due 30 min. before class. No penalty for late work in this class.
Lectures

- Policy
- To access course materials: Enrolling in the Online Splunk Class
- 1 - What is Machine Data
Projects

- Mod 3 & 4 (20 pts) *
- Mod 5 (10 pts)
- Mod 6 (10 pts)
- Mod 8 (10 pts) *
- Mod 9 (10 pts) *
- Mod 10 (10 pts) *
- Mod 11 (10 pts) *
- Mod 12 (10 pts) *

Extra Credit

- Proj 1x: BOSS OF THE SOC: Finding Attack Servers (35 pts)
- Proj 2x: BOSS OF THE SOC: Identifying Threat Actors (50 pts)
- Proj 3x: BOSS OF THE SOC: Using Sysmon and Stream (50 pts)
- Purple 1: Drupal, Splunk, and Suricata (35 pts) *

* Score goes directly into Canvas