• Online, Self-Paced
Course Description

A lack of log analysis and security event monitoring results in security breaches going undetected for long periods of time. This 10-video course explores issues and recommendations related to OWASP Top 10 2017 item A10: Insufficient Logging and Monitoring. Key concepts covered include the details of OWASP Top 10 item A10, which deals with common logging security flaws and insufficient logging and monitoring; how to mitigate insufficient logging and monitoring with an incident response plan; and how to configure Windows Event Viewer log forwarding. Next, you will observe how to configure a Linux environment for centralized logging using rsyslog forwarding, how to build a custom Windows Event Viewer log view, and how to attach a PowerShell script to a specific logged event. Finally, you will learn how to use a Windows Data Collector Set to establish a performance baseline, and how to use the Windows Performance Monitor tool to create a performance baseline and identify performance anomalies that could indicate security compromises.


Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas of the National Cybersecurity Workforce Framework.