Search Results

Previously, you explored the Containment, Eradication and Recovery phase of the NIST Incident Response Lifecycle. This reading explores the activities involved in the final phase of the lifecycle: Post-incident activity. As a security analyst, it's important t...

Working Off-Platform Getting Started: To work on this project, you will need an IDE or text editor and a web browser. You also have the option of downloading the starter files for a quick start. Alternatively, you can use your own existing files or start fro...

That wraps up our discussion on incident investigation and response.Nice work on finishing up another section!We've covered a lot here, so let's take a moment to quickly recap.First, we revisited the detection and analysis phase of the NIST incident response l...

History books. Receipts. Diaries.What do all these things have in common?They record events.Whether it's historical events, financial transactions, or private diary entries, records preserve event details.And having access to these details can help us in many ...

Devices produced data in the form of events.As a refresher, events are observable occurrences that happen on a networksystem or device.This data provides visibility into an environment.Logs are one of the key ways security professionals detect unusual ormalici...

Devices produced data in the form of events.As a refresher, events are observable occurrences that happen on a network system or device.This data provides visibility into an environment.Logs are one of the key ways security professionals detect unusual or mali...

In this reading, you’ll examine some best practices related to log management, storage, and protection. Understanding the best practices related to log collection and management will help improve log searches and better support your efforts in identifying and ...

I am Rebecca, I'm a security engineer at Google, and I focus in identity management.The best part of the job is probably thinking like an attacker.I love that part of seeing how can I break stuff, seeing a system and figuring out how can I get into it.If I was...

When you purchase an item in a store, you usually receive a receipt as a record of purchase.The receipt breaks down the transaction information with details such as the date and time, the cashier's name, the item name, cost, and the method of payment.But, not ...

You’ve learned about how logs record events that happen on a network, or system. In security, logs provide key details about activities that occurred across an organization, like who signed into an application at a specific point in time. As a security analyst...

Detection requires data, and this data can come from various data sources.You've already explored how different devices produce logs.Now we'll examine how different detection technologies monitor devices and log different types of system activity, like network...

In this reading, you’ll examine the different types of intrusion detection system (IDS) technologies and the alerts they produce. You’ll also explore the two common detection techniques used by detection systems. Understanding the capabilities and limitations ...

 Hi, I'm Grace, and I work in Detection and Response at Google.When I tell people what I do, they think it's awesome, I love being able to say, my job is to detect hackers trying to hack Google.There are people who trust us with their data that play critical r...

As a security analyst, you may be tasked with writing, customizing, or testing signatures.To do this, you'll use IDS tools.So in this section, we'll examine signature syntax and by the end, you'll be able to read a signature.A signature specifies detection rul...

Previously, you learned about signature-based analysis.You also learned how to read signatures used in network-based intrusion detection systems.Here, we'll use an open source signature-based IDS called Suricata to examine a signature.Many NIDS technologies co...

Previously, you learned about signature-based analysis.You also learned how to read signatures used in network-based intrusion detection systems.Here, we'll use an open source signature-based IDS called Suricata to examine a signature.Many NIDS technologies co...

Now let's examine some logs generated by Suricata.In Suricata, alerts and events are output in a format known as EVE JSON.EVE stands for Extensible Event Format and JSON stands for JavaScript Object Notation.As you previously learned, JSON uses key-value pairs...

So far, you've learned about detection signatures and you were introduced to Suricata, an incident detection system (IDS). In this reading, you’ll explore more about Suricata. You'll also learn about the value of writing customized signatures and configuratio...

Introduction In this lab activity, you'll explore the components of a rule using Suricata. You'll also have an opportunity to trigger a rule and examine the output in Suricata. You'll use the Bash shell to complete these steps.  What you’ll do You have mult...

As a security analyst, you'll need to be able to quickly access the relevant data required to perform your duties.Whether it's triaging alerts, monitoring systems, or analyzing log data during incident investigations, a SIEM is the tool for this job.As a quick...