Monitor and analyze cybersecurity incidents using Snort, Wireshark, tcpdump, and Splunk. Implement logging, detection, and remediation processes to protect networks and maintain resilient digital systems.
Overview
Syllabus
- Foundations of Monitoring and Logging
- Find out why monitoring and logging is essential to cybersecurity, learn about the history of log monitoring, and get started with the virtual machine you'll be using in this course.
- Incident Detection
- Discover how to uncover security incidents using an Intrusion Detection System. Create and analyze IDS rules and security log data.
- Monitoring and Logging
- Capture and analyze network traffic using tcpdump and Wireshark, and search security logs using Splunk, a powerful SIEM tool.
- Incident Handling
- Find out about the process to remediate security incidents, and an important tool to handle incidents consistently: incident handling playbooks.
- Project: Intrusion Detection and Response
- In this project you will be filling in for a colleague who is on vacation. You will review and make decisions about network-based Intrusion Detection System alerts.
Taught by
Chris Herdt
