Security Event Triage: Monitoring Assets and Topology
Protecting your network is now more important than ever. You can accomplish this by comparing what you know should be on the network to current network and vulnerability scans in order to identify abnormal network devices and traffic.
What you'll learn
Being able to identify what should and what shouldn't be on your network is the first step in identifying suspicious activity on your network. In this course, Security Event Triage: Monitoring Assets and Topology, you will learn the techniques that can help you identify potential security breaches. First, you'll learn about the importance of continuously inventorying network devices so that you know what should be on your network. Next, you'll see how to analyze network device scans and network traffic patterns to establish a baseline and to identify anomalies. Finally, you'll explore how to analyze network vulnerability scans to identify weaknesses that require attention. When you're finished with this course, you'll know how to quickly and effectively identify network anomalies.
Table of contents
- Module Introduction 1m
- Assets and IT Risk Management 5m
- Baselining the Network Environment 3m
- Gathering Network Device Inventory 6m
- Demo: Scan for Network Devices Using PowerShell 4m
- Analyzing Network Device Inventory 5m
- Demo: Review Spiceworks Network Device Inventory 3m
- Demo: Analyze Network Device Traffic Using Grassmarlin 3m
- Module Summary 1m
- Module Introduction 1m
- Network and Vulnerability Scanning 5m
- Vulnerability Scanning 7m
- Demo: Interpret OpenVAS Scan Results 7m
- Device Security Compliance 2m
- Demo: Use PowerShell DSC to Ensure Compliance 4m
- Demo: Use Microsoft System Center Configuration Manager to Identify Non-compliance 4m
- Module Summary 1m