This course is designed for analysts who are involved in daily response to potential cyber security incidents and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, covering how to create efficient and complex queries. The course culminates with a lab in which students use their new skills to profile a network.
- Understand network flow and its role in cyber security
- Use the SiLK Analysis tool suite to analyze network flow data
- Profile network traffic using SiLK
- Understand the specifics of the Einstein environment