Network Security Monitoring
Winter Working Connections 2017
Sam Bowne
Description

Firewalls and antivirus are not enough to protect modern computer networks: abuses and attacks are common and cannot be completely prevented. Instead, networks are now monitored to detect security incidents, and security teams respond to them to limit the harm they cause. This class prepares students for jobs in monitoring and incident response, providing skills that are in high demand.

Class Objectives

Upon successful completion of this course, the student will be able to:

Textbook

"The Practice of Network Security Monitoring: Understanding Incident Detection and Response" by Richard Bejtlich, No Starch Press; 1st edition (July 26, 2013), ASIN: B00E5REN34. Buy from Amazon.

Live Streaming

The class will be livestreamed using Zoom.

Kahoots

To keep participants awake during lectures, there will be Kahoot live contests to review terms and concepts.

Quizzes

Chapter quizzes are available in plaintext and Canvas exports for participants who want them.
Schedule

Date | Topic
---|---
Mon 12-11, 8:30 - 12:00 | 1. Network Security Monitoring Rationale; 2. Collecting Network Traffic: Access, Storage, and Management; 3. Standalone NSM Deployment and Installation; 6. Command Line Packet Analysis Tools. Projects 1-3, 1x, 2x. Quizzes: Ch 1, Ch 2-3
Tue 12-12, 8:30 - 12:00 | 7. Graphical Packet Analysis Tools; 8. NSM Console; 9. NSM Operations. Projects 4-6, 3x, 4x
Wed 12-13, 8:30 - 12:00 (CST) | Project 7. Quiz: Ch 9. Surveys for Weds.
Slides

Part 1: Getting Started
1. Network Security Monitoring Rationale · PDF · Keynote
2. Collecting Network Traffic & 3. Standalone NSM Deployment · PDF · Keynote

Part 2: Security Onion Deployment
We'll skip chapters 4 and 5
4. Distributed Deployment Tools
6. Command Line Packet Analysis Tools · PDF · Keynote
7. Graphical Packet Analysis Tools & 8. NSM Console · PDF · Keynote

NSM in Action
9. NSM Operations · PDF · Keynote
Links

Get started with Search - Splunk Documentation
Splunk and the ELK Stack: A Side-by-Side Comparison
What on earth is 'Splunk' -- and why does it pay so much? (from 2017)
Splunk in 2 Charts: 85 of the Fortune 100 companies use Splunk (from 2017)
Splunk Core Certified User Test Blueprint

New Unsorted Links

Splunk Certification Flashcards | Quizlet
The Windows Logging Cheat Sheet
delete - Splunk Documentation
ATT&CKized Splunk - Threat Hunting with MITRE's ATT&CK using Splunk
Securing Splunkweb (Free version) -- THIS WORKS
2020-03-06: Statement by a quarantined nurse from a northern California Kaiser facility
Splunk Certification Pathway (2022)
Free Training Courses | Splunk
Configure a Splunk asset in Splunk SOAR to pull data from the Splunk platform - Splunk Documentation
About Splunk App for SOAR Export - Splunk Documentation
The Essential Guide to Security | Splunk -- SECURITY JOURNEY PDF
Overview of the Splunk Common Information Model - Splunk Documentation
Splunk Security Essentials Explained - Splunk Cloud SecOps Webinar Series - YouTube
Splunk Security Schooling With Static Datasets For Budding Blue Teamers
GitHub - splunk/attack_data: A repository of curated datasets from various attacks
Blue Team Labs Online - Cyber Range