Search Results

984 total results found

The importance of logs

[Completed] Professional Google Cyberse...

Devices produce data in the form of events. As a refresher, events are observable occurrences that happen on a network system or device. This data provides visibility into an environment. Logs are one of the key ways security professionals detect unusual or mali...

Best practices for log collection and management

[Completed] Professional Google Cyberse...

In this reading, you’ll examine some best practices related to log management, storage, and protection. Understanding the best practices related to log collection and management will help improve log searches and better support your efforts in identifying and ...

Rebecca: Learn new tools and technologies

[Completed] Professional Google Cyberse...

I am Rebecca, I'm a security engineer at Google, and I focus in identity management. The best part of the job is probably thinking like an attacker. I love that part of seeing how can I break stuff, seeing a system and figuring out how can I get into it. If I was...

Variations of logs

[Completed] Professional Google Cyberse...

When you purchase an item in a store, you usually receive a receipt as a record of purchase. The receipt breaks down the transaction information with details such as the date and time, the cashier's name, the item name, cost, and the method of payment. But, not ...

Overview of log file formats

[Completed] Professional Google Cyberse...

You’ve learned about how logs record events that happen on a network, or system. In security, logs provide key details about activities that occurred across an organization, like who signed into an application at a specific point in time. As a security analyst...

Security monitoring with detection tools

[Completed] Professional Google Cyberse...

Detection requires data, and this data can come from various data sources. You've already explored how different devices produce logs. Now we'll examine how different detection technologies monitor devices and log different types of system activity, like network...

Detection tools and techniques

[Completed] Professional Google Cyberse...

In this reading, you’ll examine the different types of intrusion detection system (IDS) technologies and the alerts they produce. You’ll also explore the two common detection techniques used by detection systems. Understanding the capabilities and limitations ...

Grace: Security mindset in detection and response

[Completed] Professional Google Cyberse...

Hi, I'm Grace, and I work in Detection and Response at Google. When I tell people what I do, they think it's awesome. I love being able to say, my job is to detect hackers trying to hack Google. There are people who trust us with their data that play critical r...

Components of a detection signature

[Completed] Professional Google Cyberse...

As a security analyst, you may be tasked with writing, customizing, or testing signatures. To do this, you'll use IDS tools. So in this section, we'll examine signature syntax and by the end, you'll be able to read a signature. A signature specifies detection rul...

Examine signatures with Suricata

[Completed] Professional Google Cyberse...

Previously, you learned about signature-based analysis. You also learned how to read signatures used in network-based intrusion detection systems. Here, we'll use an open source signature-based IDS called Suricata to examine a signature. Many NIDS technologies co...
Examine Suricata logs

[Completed] Professional Google Cyberse...

Now let's examine some logs generated by Suricata. In Suricata, alerts and events are output in a format known as EVE JSON. EVE stands for Extensible Event Format and JSON stands for JavaScript Object Notation. As you previously learned, JSON uses key-value pairs...

Overview of Suricata

[Completed] Professional Google Cyberse...

So far, you've learned about detection signatures and you were introduced to Suricata, an intrusion detection system (IDS). In this reading, you’ll explore more about Suricata. You'll also learn about the value of writing customized signatures and configuratio...

Activity: Explore signatures and logs with Suricata

[Completed] Professional Google Cyberse...

Introduction In this lab activity, you'll explore the components of a rule using Suricata. You'll also have an opportunity to trigger a rule and examine the output in Suricata. You'll use the Bash shell to complete these steps.  What you’ll do You have mult...

Reexamine SIEM tools

[Completed] Professional Google Cyberse...

As a security analyst, you'll need to be able to quickly access the relevant data required to perform your duties. Whether it's triaging alerts, monitoring systems, or analyzing log data during incident investigations, a SIEM is the tool for this job. As a quick...

Log sources and log ingestion

[Completed] Professional Google Cyberse...

In this reading, you’ll explore more on the importance of log ingestion. You may recall that security information and event management (SIEM) tools collect and analyze log data to monitor critical activities in an organization. You also learned about log analy...

Query for events with Splunk

[Completed] Professional Google Cyberse...

Now that we've reviewed how a SIEM works, let's learn how to search and query events in a SIEM database. Data that's been imported into a SIEM can be accessed by entering queries into the SIEM's search engine. Massive amounts of data can be stored in a SIEM data...

Search methods with SIEM tools

[Completed] Professional Google Cyberse...

So far, you’ve learned about how you can use security information and event management (SIEM) tools to search for security events such as failed login attempts. Remember, SIEM is an application that collects and analyzes log data to monitor critical activities...

Follow-along guide for Splunk sign-up

[Completed] Professional Google Cyberse...

Note: The following reading is an optional supplement to the following course item, Activity: Perform a query with Splunk. Both this reading and the following activity are optional and will not affect your completion of the course. You may choose to skip thi...

Wrap-up; Glossary terms from module 4

[Completed] Professional Google Cyberse...

Congratulations! You've made it to the end of this section. You've made so much progress in your security journey. Let's review what we learned. You learned all about how to read and analyze logs. You examined how log files are created and used for analysis. You als...