Description
One of the most important factors in a successful cyber defense program is continuous monitoring, and that is only possible with visibility that spans the depth and breadth of the network infrastructure. This course equips students with the knowledge and skills needed to operate two fundamental systems in cyber security: Security Information and Event Management (SIEM) and Intrusion Detection Systems (IDS). The former centrally collects, correlates, and analyzes logs from different nodes in the network, while the latter constantly monitors network traffic for signs of intrusion. Students will work hands-on with two open-source tools, the Elastic ELK Stack for SIEM and Snort for IDS. We walk them through installing, configuring, and maintaining those tools, and introduce industry best practices for using such systems to quickly detect and respond to emerging attacks.
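The value of a SIEM over per-host log review is the correlation step: a source that fails once against each of several nodes looks harmless in any single host's log and only stands out once those logs are pulled together. The following Python block is an added illustration of that idea, not course material or Elastic code. It parses constructed, syslog-style sshd lines from several hosts and raises an alert when one source address fails authentication against a configurable number of distinct hosts inside a sliding time window; the log lines, host names, addresses, and thresholds are all made up for the example.

```python
"""Added example (not from the course or the ELK project): a minimal
SIEM-style correlation over constructed syslog-like sshd lines from
several hosts. It flags a source that fails logins against multiple
nodes within a short window, which no single host's log would reveal."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). The format mimics syslog:
# "<timestamp> <host> sshd[pid]: Failed password for <user> from <ip> port <n> ssh2"
SAMPLE_LOGS = """\
2024-05-01T10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2
2024-05-01T10:00:04 web02 sshd[2210]: Failed password for admin from 203.0.113.5 port 51002 ssh2
2024-05-01T10:00:07 db01 sshd[3304]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-05-01T10:00:09 web01 sshd[1201]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
2024-05-01T10:00:12 web01 sshd[1209]: Failed password for bob from 198.51.100.7 port 40030 ssh2
2024-05-01T10:05:30 app01 sshd[4410]: Failed password for root from 203.0.113.5 port 51010 ssh2
"""

# One regex for the constructed format; a real pipeline (e.g. Logstash grok)
# would carry several patterns and route non-matching lines elsewhere.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)


def parse(lines):
    """Turn raw lines into structured events; unparseable lines are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "host": m["host"],
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def correlate_failed_logins(events, min_hosts=3, window=timedelta(minutes=1)):
    """Alert on a source IP that fails against >= min_hosts distinct hosts
    within `window`. Events are grouped per source and scanned with a
    sliding window starting at each failure."""
    failures = defaultdict(list)  # src -> [(ts, host), ...] in time order
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] == "Failed":
            failures[e["src"]].append((e["ts"], e["host"]))

    alerts = []
    for src, hits in failures.items():
        for i, (start, _) in enumerate(hits):
            in_window = [h for t, h in hits[i:] if t - start <= window]
            hosts = sorted(set(in_window))
            if len(hosts) >= min_hosts:
                alerts.append({"src": src, "hosts": hosts, "first_seen": start})
                break  # one alert per source is enough for this illustration
    return alerts


if __name__ == "__main__":
    for alert in correlate_failed_logins(parse(SAMPLE_LOGS)):
        print(f"{alert['src']} failed against {alert['hosts']} "
              f"starting {alert['first_seen'].isoformat()}")
```

On the constructed input, 203.0.113.5 fails against web01, web02 and db01 within one minute and is alerted on, while its later attempt against app01 falls outside the window; 198.51.100.7 has a single failure and stays quiet. The same rule expressed as a scheduled query over an Elasticsearch index is what the SIEM part of the course builds toward; the point of the plain-Python version is to show that the detection lives in the cross-host correlation, not in any one log line.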
Outline
Part 1: Introduction to SIEM
- Log Management
- Storage and Big Data
- SIEM Best Practices
- Security Operations Center (SOC)
Part 2: Working with ELK Stack
- Component 1: Elasticsearch
- Component 2: Kibana
- Component 3: Logstash
Part 3: Introduction to IDS
- Network Attacks
- Signatures
- Alert System
Part 4: Working with Snort
- Installing Snort
- Configuring Snort
- Managing Alerts