Network & Host Analysis: Network Operations





Overview/Description

Securely operating a network requires tools to monitor, detect, and prevent breaches. Knowing what goes on and how to stop malicious traffic involves the use of Network Security Monitoring (NSM), security information and event management (SIEM), and intrusion detection and prevention systems (IDS/IPS). In this course, you'll explore these tools and implement Suricata and Kibana as NSM, IDS, IPS, and SIEM solutions.

Furthermore, you'll compare and contrast network defense tools. You'll examine the purpose and characteristics of NSM and SIEM and outline how to implement and benefit from these techniques. Next, you'll install Suricata and Kibana and use their features for rule creation, alerts, logging, scripting, and integration. Finally, you'll integrate Suricata with Wireshark to leverage both tools' capabilities so that you can operate your network securely.



Expected Duration (hours)
1.0

Lesson Objectives

Network & Host Analysis: Network Operations

  • discover the key concepts covered in this course
  • compare and contrast various network defense tools
  • recognize the characteristics of NSM and outline how to implement it as part of a network defense strategy
  • describe how SIEMs are used to detect threat activity
  • install and configure Suricata to be used for network defensive operations, including NSM, IDS, and IPS
  • apply a Suricata rule and illustrate the action, header, and rule options
  • create an alert using a Suricata rule
  • configure Suricata output in JSON using the EVE output facility
  • install prerequisites for ELK Stack and Suricata from the command line
  • install ELK stack in preparation for it to serve as a SIEM for Suricata
  • integrate Suricata logs with ELK Stack using Filebeat and Logstash
  • navigate ELK Stack's Kibana dashboards for SIEM use when connected to Suricata
  • output a PCAP log from Suricata to be read by Wireshark
  • summarize the key concepts covered in this course

Course Number
it_cynthadj_05_enus

Expertise Level
Intermediate