Explore how to interpret common artifact elements from an event to identify an alert, identify key intrusion elements from a PCAP file, extract files from a TCP stream given a PCAP file, and work with Wireshark.
Learning Objectives
SECOPS: Examining Intrusion Events
- use various techniques to identify and examine intrusion events
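The description above lists "extract files from a TCP stream given a PCAP file" as one of the skills covered. The script below is an added example, not course material: it does by hand what Wireshark's Follow TCP Stream and Export Objects do, using only the Python standard library. The capture it parses is constructed in memory (a fake PNG served over plain HTTP, delivered out of order with one retransmitted segment), and the parser assumes a classic microsecond pcap with Ethernet/IPv4/TCP frames and a Content-Length response with no chunked encoding or TLS. Hostnames, addresses, sequence numbers and function names are all assumptions for the example.

```python
"""Carve a file out of a TCP stream in a classic PCAP using only the standard library."""
import socket
import struct
from collections import defaultdict

# Constructed sample traffic (not a real capture): an HTTP download of a fake PNG.
CLIENT, SERVER = ("10.0.0.5", 40000), ("10.0.0.9", 80)
FILE_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40 + b"IEND"
REQUEST = b"GET /loader.png HTTP/1.1\r\nHost: 10.0.0.9\r\n\r\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(FILE_BYTES)) + FILE_BYTES

def build_frame(src, dst, seq, ack, flags, payload):
    """Ethernet/IPv4/TCP frame; checksums stay zero because the parser below ignores them."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    return bytes.fromhex("00112233445566778899aabb0800") + ip + tcp + payload

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte global header, then (16-byte record header, frame)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def demo_capture():
    # Response split over three segments, captured out of order, plus one retransmission.
    cut = RESPONSE.index(b"\r\n\r\n") + 4
    chunks = [RESPONSE[:cut], RESPONSE[cut:cut + 20], RESPONSE[cut + 20:]]
    base, ack = 5000, 1000 + len(REQUEST)
    seqs = [base, base + len(chunks[0]), base + len(chunks[0]) + len(chunks[1])]
    return build_pcap([
        build_frame(CLIENT, SERVER, 1000, base, 0x18, REQUEST),
        build_frame(SERVER, CLIENT, seqs[2], ack, 0x18, chunks[2]),  # last segment seen first
        build_frame(SERVER, CLIENT, seqs[0], ack, 0x18, chunks[0]),
        build_frame(SERVER, CLIENT, seqs[1], ack, 0x18, chunks[1]),
        build_frame(SERVER, CLIENT, seqs[1], ack, 0x18, chunks[1]),  # retransmission
    ])

def read_pcap(data):
    """Yield raw frames from a classic pcap in either byte order (pcapng is out of scope)."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if end is None or struct.unpack_from(end + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic microsecond pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(end + "IIII", data, off)[2]   # captured length
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def parse_tcp(frame):
    """Return (flow 4-tuple, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport, seq, _ack, off_flags = struct.unpack_from("!HHIIH", frame, 14 + ihl)
    data_off = (off_flags >> 12) * 4
    return (src, sport, dst, dport), seq, frame[14 + ihl + data_off:14 + total_len]

def reassemble_streams(pcap_bytes):
    """Order segments by sequence number per flow; drop retransmits, zero-fill holes."""
    segs = defaultdict(dict)
    for frame in read_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed and parsed[2]:
            segs[parsed[0]].setdefault(parsed[1], parsed[2])  # first copy wins
    streams = {}
    for flow, by_seq in segs.items():
        buf, expected = bytearray(), min(by_seq)  # 32-bit seq wrap-around not handled
        for seq in sorted(by_seq):
            payload = by_seq[seq]
            if seq < expected:                     # partial overlap with an earlier segment
                payload, seq = payload[expected - seq:], expected
            elif seq > expected:                   # gap: the capture missed a segment
                buf.extend(b"\x00" * (seq - expected))
            buf.extend(payload)
            expected = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams

def carve_http_body(stream):
    """Strip the HTTP response header and honour Content-Length; None if not a response."""
    sep = stream.find(b"\r\n\r\n")
    if not stream.startswith(b"HTTP/") or sep < 0:
        return None
    headers = (line.partition(b":") for line in stream[:sep].split(b"\r\n")[1:])
    length = next((int(v.strip()) for n, _, v in headers
                   if n.strip().lower() == b"content-length"), None)
    return stream[sep + 4:][:length]   # [:None] keeps everything when no length was declared

def extract_files(pcap_bytes):
    """Map each flow carrying an HTTP response to the body (file) it transferred."""
    return {flow: body for flow, data in reassemble_streams(pcap_bytes).items()
            if (body := carve_http_body(data)) is not None}

if __name__ == "__main__":
    for (sip, sport, dip, dport), body in extract_files(demo_capture()).items():
        print(f"{sip}:{sport} -> {dip}:{dport}: {len(body)} bytes, magic {body[:4]!r}")
```

Two details matter when doing this against a real capture rather than the constructed one: retransmissions are resolved by keeping the first copy of a sequence number, which is what Wireshark does by default and which an attacker can abuse with inconsistent retransmissions, so compare both copies when the stream looks tampered with; and a gap is zero-filled here only so the offsets stay honest, whereas a real investigation should record that the carved file is incomplete rather than trust its hash.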