Intrusion Analysis

In this course, participants will learn how to use open-source tools to analyze an intrusion in the network. The training prepares participants to put their new skills and knowledge to work immediately upon returning to a live environment. Participants will learn to investigate and reconstruct network activity in order to determine whether it is noteworthy or a false indication. Based on these activities, participants can recognize the pattern of an intrusion.

Training Objectives

  • Configure and run open-source Snort and write Snort signatures
  • Configure and run open-source Bro to provide a hybrid traffic analysis framework
  • Understand TCP/IP component layers to identify normal and abnormal traffic
  • Use open-source traffic analysis tools to identify signs of an intrusion
  • Comprehend the need to employ network forensics to investigate traffic to identify a possible intrusion
  • Use Wireshark to carve out suspicious file attachments
  • Write tcpdump filters to examine a particular traffic trait selectively
  • Craft packets with Scapy
  • Use the open-source network flow tool SiLK to find network behavior anomalies
  • Use knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire

Target Audiences

  • SOC Operators
  • Security Analysts
  • Incident Responders
  • Network Engineers
  • Network Administrators
  • Security Managers
