If you are an associate-level cybersecurity analyst who is working in security operation centers, this course will help you explore data type categories in context to network security analytics.
By the end of the course, you will be able to: • Explain the data that is available to the network security analysis •Describe the various types of data used in monitoring network security • Describe the deployment and use of SIEMs to collect, sort, process, prioritize, store, and report alarms • Describe the functions of SOAR platforms and features of Cisco SecureX •Describe the Security Onion Open Source security monitoring tool • Explain how packet capture data is stored in the PCAP format and the storage requirements for full packet capture. • Describe packet capture usage and benefits for investigating security incidents • Describe packet captures using tools such as Tcpdump • Describe session data content and provide an example of session data •Describe transaction data content and provide an example of transaction data z • Describe alert data content and provide an example of alert data •Describe other types of NSM data (extracted content, statistical data, and metadata) •Explain the need to correlate NSM data and provide an example •Describe the Information Security CIA triad • Understand PII as it relates to information security • Describe compliance regulations and their effects on an organization • Describe intellectual property and the importance of protecting it • Use various tool capabilities of the Security Onion Linux distribution To be successful in this course, you should have the following background: 1. Skills and knowledge equivalent to those learned in Implementing and Administering Cisco Solutions (CCNA) v1.0 course 2. Familiarity with Ethernet and TCP/IP networking 3. Working knowledge of the Windows and Linux operating systems 4. Familiarity with basics of networking security concepts.