Utilizing Zeek 4 in an Enterprise Environment or for Distributed Operations

سرفصل های دوره

Zeek is an open-source network security monitoring (NSM) tool. This course will teach you how to deploy Zeek at scale and how to use Zeek data for continuous monitoring, threat hunting, and incident response.

1 - Course Overview

1. Course Overview

2 - Designing a Zeek Deployment for Enterprise Monitoring

1. Version Check

2. Configuring a Zeek Management Host

3. Demo - Configuring a Zeek Management Host

4. Developing a Sensor Strategy

5. Connecting Zeek Workers to the Management Host

6. Demo - Connecting Zeek Workers to the Management Host

7. Working with the Filebeat Agent

8. Shipping Zeek Data to a SIEM (ELK)

3 - Using Zeek for Continuous Monitoring

1. Rogue Server Detection

2. SSL Certificate Auditing

3. Demo - SSL Certificate Auditing

4. DNS Auditing

5. Demo - DNS Auditing

6. Limitations

4 - Using Zeek for Defensive Cyber Operations

1. Detecting Network Reconnaissance

2. Demo - Detecting Network Reconnaissance

3. Hunting Data Exfiltration

4. Demo - Hunting Data Exfiltration

5. Malicious File Extraction

6. Demo - Malicious File Extraction

7. Post-mortem Analysis

8. Demo - Post-mortem Analysis

9. Course Review

Exercise Files

utilizing-zeek-enterprise-environment-distributed-operations.zip

139,000 تومان

خرید اشتراک افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight