
Security Event Triage: Leveraging Existing Security Device Alerts


Daniel Lachance

1:18:26

  • 1. Course Overview.mp4
    01:08
  • 1. Module Introduction.mp4
    01:17
  • 2. The OSI Model.mp4
    04:53
  • 3. Demo - Identify Port Scan Network Traffic.mp4
    02:33
  • 4. Network Security Devices.mp4
    05:37
  • 5. Demo - Cloud Jump Boxes and Security.mp4
    04:34
  • 6. Module Summary.mp4
    01:08
  • 1. Module Introduction.mp4
    00:51
  • 2. Firewalls and Monitoring Requirements.mp4
    07:12
  • 3. Firewall Logs.mp4
    03:56
  • 4. Demo - Identify Suspicious Outbound Network Activity Using Kibana.mp4
    03:33
  • 5. Demo - Identify Firewall Enumeration Activity Using Kibana.mp4
    02:21
  • 6. Module Summary.mp4
    00:40
  • 1. Module Introduction.mp4
    00:48
  • 2. Network Access Methods.mp4
    03:41
  • 3. Network Access Control (NAC).mp4
    05:02
  • 4. Demo - Seek Indications of Compromise from NAC Device Logs Using Kibana.mp4
    02:48
  • 5. Module Summary.mp4
    00:59
  • 1. Module Introduction.mp4
    01:20
  • 2. Cloud-based Firewall Solutions.mp4
    04:00
  • 3. Cloud-based Network Logs.mp4
    03:43
  • 4. Cloud-based Network Anomalies.mp4
    04:07
  • 5. Demo - Identify Cloud Resource Scans through Cloud Packet Captures.mp4
    04:06
  • 6. Demo - Identify Security Threats in Microsoft Azure.mp4
    03:50
  • 7. Demo - Identify Amazon Web Services Security Events.mp4
    02:28
  • 8. Module Summary.mp4
    01:51
  • security-event-triage-leveraging-existing-alerts.zip
  • Description


    Identifying suspicious network activity can prevent serious security breaches. By monitoring centralized device logs you can catch potential security problems in a timely manner.

    What You'll Learn?


      Identifying suspicious activity on your network can be achieved by analyzing security device logs. In this course, Security Event Triage: Leveraging Existing Security Device Alerts, you'll learn how to analyze security device logs looking for security problems. First, you'll learn about network security devices and the relationship between the OSI model and the ability to decipher the meaning of network traffic captures. Next, you'll see how to analyze firewall logs to identify abnormal activity which could indicate a security compromise, and how analyzing network access control (NAC) logs can identify questionable host and network connectivity for unauthenticated as well as authenticated devices. Finally, you'll explore how to use cloud-based methods such as cloud packet capturing and centralized security monitoring to identify potential security problems in the cloud. When you're done with this course, you'll have the foundational knowledge of continuous monitoring and interpretation of correlated log events needed to gain the best possible picture of network security events.

    Daniel Lachance
    Daniel Lachance, CompTIA Security+, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams. Mr. Lachance is an experienced trainer having delivered IT training in Canada and the Caribbean since the 1990s on topics ranging from various Microsoft products including Visual Basic, Hyper-V and System Center Configuration Manager, as well as other products including UNIX, Linux, Novell and IBM Notes, and Domino. Dan has further experience with Microsoft Azure, Amazon Web Services, Google G Suite, and Linux.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 26
    • Duration: 1:18:26
    • Level: average
    • English subtitles: yes
    • Release date: 2023/02/28