V
Video789
Guest
Offline
Last updated 2/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 665.17 MB | Duration: 1h 29m
Volume 1 - Incident Response with Logs
What you'll learn
Strong Analytical and Problem-Solving Skills
Monitor, analyze the output from the network and endpoint devices
Knowledge of log formats and ability to aggregate and parse log data for system logs and application logs for investigation purpose
Perform Root cause analysis (RCA) for the incidents and update the knowledge management
Respond to cyber security incidents through remediation efforts
Requirements
Knowledge of operating systems such as Linux and windows
Understanding Intrusion Detecting/Preventing Systems (IDS/IPS)
Web application languages such as PHP
Web application such as apache tomcat
Virtual machine programs such as VM player and VM VirtualBox
Description
A security analyst performs an incident response (IR) when a breach occurs in a company or organization. Cyber security incident is defined in various ways. Incidents that occur in information asset-related systems generally referred to by companies mean that an abnormal operation occurs in the system or application, or a phenomenon unintended by an outsider. Through cyber security incident response, system damage status and cause of incidents are analyzed and, in case of crime, information necessary to prove criminal activity is collected for the purpose of collecting evidence. Industrial espionage, in which an internal employee steals confidential documents or key drawings from a competitor or overseas, becomes a legal forensic area necessary for legal disputes.This course covers investigation tips and guides for level 2 analysts. Usually, we use variety tools to identify threats from various security logs such as Web Applications, IDS and Network Packets. In this lab, you will have practical exercise to find the cause of a problem with 3 types of logs. All logs were reflected from real-world incidentIDS logs were filtered unnecessary column information for your exercise. It will provide Date Time, Tag Name, Source IP, Source Port, Destination IP and Destination Port.Web log format comes from Microsoft Internet Information Services (IIS), were filtered unnecessary rows for your exercise. You will use 2 different log analysis tools - Log parser and Splunk.Network packet logs were generated from the attack situation which was reproduced in the lab environment and collected in the network traffic in the lab environment.The course will not cover the legal forensics domain. We will look at the basic knowledge and tools necessary to perform work as a level 2 analyst, and learn how to use analysis tools through hands-on practice. Intrusion incident analysis methods from a practical point of view required for intrusion response and analysis tasks in a company will be reviewed together. The basic task of a security analyst is to respond to security threats based on an understanding of network communication and applications. It analyzes the threat logs generated by various security devices to find attackers who are trying to break in, and directly changes the settings of security devices to prevent attacks.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Understanding Level 2 Analyst
Lecture 3 Who needs this exercise and who does not
Lecture 4 Course Introduction
Section 2: Prework
Lecture 5 Key Learning Objectives
Lecture 6 Data Analysis Tactics Part1
Lecture 7 Data Analysis Tactics Part2
Lecture 8 Types of Investigation
Section 3: Incident Response Drill - Episode1 IDS log investigation
Lecture 9 IDS log investigation
Lecture 10 Real-world Cyber Security Incident
Lecture 11 Lab exercise - IDS log analysis
Lecture 12 Lab exercise - Investigation tips
Section 4: Episode1 Walk-through
Lecture 13 IDS Log Investigation guide - part 1
Lecture 14 IDS Log Investigation guide - part 2
Lecture 15 Warp-up: IDS Log Investigation
Section 5: Web Application Server Incident Response
Lecture 16 Web Application Server Incident Response
Lecture 17 Lab exercise - Web log analysis
Lecture 18 Lab exercise - Investigation tips
Section 6: Episode2 Walk-through
Lecture 19 Web Log Investigation guide - Demo of web hacking
Lecture 20 Web Log Investigation guide - part 1
Lecture 21 Web Log Investigation guide - part 2
Lecture 22 Wrap-up Web Log Investigation
Section 7: Network Forensic
Lecture 23 Network Forensic
Lecture 24 Lab exercise - network forensic
Section 8: Episode 3 Walk-through
Lecture 25 Network forensic Investigation guide
Lecture 26 Wrap-up network forensic
Section 9: Appendix
Lecture 27 Real-world Incident Response Case Study
Security Incident Response who learns about security incidents that occur due to mistakes made easily by server administrators and think about preventative measures.,Security team analysts who need to find and investigates the attack vectors on a system in the event of a security incident.,Security team/development team who are struggling with recurring security incidents even if the system is continuously reinstalled.
Homepage
Code:
https://www.udemy.com/course/incident-response-drills-for-lv2-analyst-episode-1/
Links are Interchangeable - No Password - Single Extraction
