• Classroom
• Online, Instructor-Led
Course Description

This training covers the analysis and management of system, network, and security logs and introduces incident handling and alerting. Alert correlation is the process of analysing the alerts produced by one or more intrusion detection systems and presenting a more concise, high-level view of occurring or attempted intrusions. The correlation process is carried out by several components, each of which has a specific goal.

Learning Objectives

• Identify Indicators of Compromise (IoC) and Indicators of Attack (IoA) from gathered intelligence
• Identify 7 domains of data analysis
• Configure logging for Windows, Unix, and Linux systems
• Grasp logging concepts for firewalls, network intrusion detection (NID), applications, and syslog
• Identify common logging mistakes
• Recognize common logging and monitoring platforms
• Rehearse the log management process
• Define data integrity
• Detect data manipulation
• Recognize specific logs for incident response and forensics
• Categorize incidents and events according to severity
• Rehearse the incident handling process
• Understand the role of machine learning in data analysis
• Comprehend the importance of event correlation
• Correlate events and consolidate attacks into incidents
• Perform basic searching on a Security Information and Event Management (SIEM) system
• Configure Windows logging
• Configure Unix logging
• Configure Linux logging
• Factor variables
• Perform cluster analysis
• Define boundaries of time series analysis
• Perform pooled forecasts
• Assess critical system vulnerabilities
• Perform QRadar analysis
• Define Custom Event Properties
• Perform Splunk analysis
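
The course description's account of alert correlation (consolidating alerts from several intrusion detection systems into a concise, high-level view) and the objectives "Correlate events and consolidate attacks into incidents" and "Categorize incidents and events according to severity" can be illustrated with a small correlator. The following is an added example written for this page, not course material or code from any vendor product. The alert records, the 10-minute inactivity window, the sensor names, the escalation rule in `classify`, and the severity labels are all assumptions chosen for illustration; the addresses are from documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from two sensors (a NIDS and a host IDS); not real data.
SAMPLE_ALERTS = [
    {"ts": "2024-05-01T10:00:05", "sensor": "nids-1", "src": "203.0.113.7",
     "dst": "10.0.0.5", "sig": "ET SCAN Nmap SYN scan", "sev": 2},
    {"ts": "2024-05-01T10:00:09", "sensor": "nids-1", "src": "203.0.113.7",
     "dst": "10.0.0.6", "sig": "ET SCAN Nmap SYN scan", "sev": 2},
    {"ts": "2024-05-01T10:00:12", "sensor": "nids-1", "src": "203.0.113.7",
     "dst": "10.0.0.7", "sig": "ET SCAN Nmap SYN scan", "sev": 2},
    {"ts": "2024-05-01T10:02:00", "sensor": "nids-1", "src": "198.51.100.9",
     "dst": "10.0.0.5", "sig": "ET POLICY DNS query to suspicious domain", "sev": 1},
    {"ts": "2024-05-01T10:03:40", "sensor": "hids-5", "src": "203.0.113.7",
     "dst": "10.0.0.5", "sig": "SSH brute-force login attempts", "sev": 3},
    {"ts": "2024-05-01T11:30:00", "sensor": "nids-1", "src": "203.0.113.7",
     "dst": "10.0.0.5", "sig": "ET SCAN Nmap SYN scan", "sev": 2},
]

WINDOW = timedelta(minutes=10)  # assumed inactivity gap that closes an incident
SEVERITY_LABELS = {1: "low", 2: "medium", 3: "high", 4: "critical"}  # assumed scale


def classify(incident):
    """Severity label for an incident: the highest alert severity, escalated one
    step when more than one sensor fired or three or more hosts were touched.
    (Assumed rule for illustration; real triage policies differ.)"""
    level = max(a["sev"] for a in incident["alerts"])
    if len(incident["sensors"]) > 1 or len(incident["targets"]) >= 3:
        level = min(level + 1, 4)
    return SEVERITY_LABELS[level]


def correlate(alerts, window=WINDOW):
    """Group alerts by source address into incidents; a gap longer than `window`
    between consecutive alerts from the same source starts a new incident.
    Returns incidents sorted by the time of their first alert."""
    by_src = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort lexically
        by_src[a["src"]].append(a)

    incidents = []
    for src, group in by_src.items():
        current = None
        for a in group:
            t = datetime.fromisoformat(a["ts"])
            if current is None or t - current["last"] > window:
                current = {"src": src, "first": t, "last": t, "alerts": [],
                           "sensors": set(), "targets": set(), "signatures": []}
                incidents.append(current)
            current["last"] = t
            current["alerts"].append(a)
            current["sensors"].add(a["sensor"])
            current["targets"].add(a["dst"])
            if a["sig"] not in current["signatures"]:
                current["signatures"].append(a["sig"])

    for inc in incidents:
        inc["severity"] = classify(inc)
    return sorted(incidents, key=lambda i: i["first"])


def summarize(incident):
    """One-line high-level view of an incident, the kind of row a SIEM would show."""
    return (f"[{incident['severity'].upper()}] {incident['src']} -> "
            f"{len(incident['targets'])} host(s), {len(incident['alerts'])} alert(s) "
            f"from {len(incident['sensors'])} sensor(s): "
            f"{'; '.join(incident['signatures'])}")


if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(summarize(inc))
```

On the constructed input this yields three incidents: the scan of three hosts followed by the host-IDS brute-force alert from the same source becomes one critical incident (two sensors agreeing on the same source is what raises it), the lone DNS policy alert stays low, and the scan an hour and a half later from the original source opens a separate medium incident because the inactivity gap exceeded the window.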

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):