Network Traffic and Logs Using IDS and SIEM Tools

In this course, you will be provided with a conceptual overview of logs and their role in Intrusion Detection Systems (IDSs) and Security Information and Event Management tools (SIEMs). The course will discuss the general concept of an IDS and how it works to detect attacks before highlighting specific IDS and SIEM products, such as Suricata, Splunk and Google SecOps (Chronicle), respectively. You will then develop an understanding of how to access and navigate within Suricata and how basic rules are set up to provide alerts, events, and logs for malicious network traffic. This course will conclude with an introduction to Splunk and Google SecOps (Chronicle) and will showcase some of their features, including common commands. By the end of this course, you will be able to: - Discuss the importance of logs during incident investigation - Determine how to read and analyze logs during incident investigation - Describe how common intrusion detection system (IDS) tools provide security value - Interpret the basic syntax and components of signatures and logs in IDS and NIDS tools - Describe how SIEM tools collect, normalize, and analyze log data - Perform queries in SIEM tools to investigate an incident