
Security Event Triage: Statistical Baselining with SIEM Data Integration


Cristian Pascariu

1:31:33

35 View
  • 01.01.Course Overview.mp4
    01:56
  • 02.01.Introduction.mp4
    02:21
  • 02.02.Addressing InfoSec Challenges with a SIEM.mp4
    03:45
  • 02.03.Getting Familiar with the Elastic Stack.mp4
    05:00
  • 02.04.Hands-on with the Elastic SIEM.mp4
    03:33
  • 02.05.Detecting Persistence through Scheduled Tasks.mp4
    04:36
  • 02.06.Overview.mp4
    01:03
  • 03.01.Introduction.mp4
    01:15
  • 03.02.Leveraging Network Security Monitoring.mp4
    03:26
  • 03.03.Identifying Connections to Malicious Domains.mp4
    04:15
  • 03.04.Detecting Command-and-Control Traffic.mp4
    04:21
  • 03.05.Analyzing DNS Tunneling.mp4
    04:32
  • 03.06.Investigating C2 Channels over ICMP.mp4
    02:18
  • 03.07.Overview.mp4
    01:16
  • 04.01.Classifying File-less Malware Attacks.mp4
    06:09
  • 04.02.Investigating Post-exploitation Attacks Based on PowerShell.mp4
    06:47
  • 04.03.Identifying Lateral Movement.mp4
    03:36
  • 05.01.Introduction to Behavioral Analysis.mp4
    03:48
  • 05.02.Leveraging Sysmon for Endpoint Detection.mp4
    05:12
  • 05.03.Investigating Post-exploitation Attacks.mp4
    02:43
  • 05.04.Detecting Advanced Credential Dumping.mp4
    03:30
  • 05.05.Conclusion.mp4
    02:40
  • 06.01.Introduction.mp4
    01:58
  • 06.02.Investigating The Human Resistance (THR) Group Attacks.mp4
    04:44
  • 06.03.Investigating Republic of Strashnakovia (ROS) Group Attacks.mp4
    05:03
  • 06.04.Conclusion.mp4
    01:46
  • Description


    Log parsing and analysis do not scale well to large data sets. This course will teach you how to perform data analysis and baselining on large data sets to efficiently identify and address threats.

    What You'll Learn?


      As businesses innovate and make ground-breaking developments in the markets they operate within, successes can become reasons for advanced cyber threats to target your organization. In this course, Security Event Triage: Statistical Baselining with SIEM Data Integration, you will gain the ability to perform detection and analysis of threats at scale. First, you will learn which log events to look for to identify suspicious activity. Next, you will discover how to pivot between indicators to find the root cause of the incident. Finally, you will explore how to correlate events from multiple sources across your estate to identify the actions on objective of the attacker as well as the impact. When you’re finished with this course, you will have the skills and knowledge of data analysis and baselining needed to detect threats at scale.

    Cristian Pascariu
    Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has provided Source Code Auditing for AAA game titles on mobile and PC platforms. Cristian has delivered Secure Coding training to development teams based on common SDLC pitfalls and industry best practices.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • language english
    • Training sessions 26
    • duration 1:31:33
    • level average
    • Release Date 2023/10/15