Security monitoring processes create extensive logs and data. In this video, you’ll learn about transferring, storing, and reporting on logs created from journalctl, metadata, NetFlow, IPFIX, sFlow, protocol analyzers, and more. << Previous Video: Log Files Next: Endpoint Security Configuration >> One of the standard methods for transferring log files from one device to a …
Log Management – SY0-601 CompTIA Security+ : 4.3 Read More »
Security information can be found in the logs files of almost any device. In this video, you’ll learn about viewing log files on network devices, systems, applications, web servers, and more. << Previous Video: SIEM Dashboards Next: Log Management >> There are a number of devices that are connected to our networking infrastructure that can …
A SIEM can provide extensive visibility and reporting options. In this video, you’ll learn about using a SIEM (Security Information and Event Management) console and searching for important security details. << Previous Video: Vulnerability Scan Output Next: Log Files >> S-I-E-M, or SIEM, stands for Security Information and Event Management. This is usually a device …
SIEM Dashboards – SY0-601 CompTIA Security+ : 4.3 Read More »
The output of a vulnerability scan can identify significant security vulnerabilities. In this video, you’ll learn about vulnerability scans, reading through the results, and managing false positives and false negatives. << Previous Video: Attack Frameworks Next: SIEM Dashboards >> Vulnerability scanners are an important part of maintaining the safety and security of the devices on …
Vulnerability Scan Output – SY0-601 CompTIA Security+ : 4.3 Read More »
An attack framework can help prepare, understand, and react to cyber attacks. In this video, you’ll learn about the MITRE ATT&CK framework, the Diamond Model of Intrusion Analysis, and the cyber kill chain. << Previous Video: Incident Response Planning Next: Vulnerability Scan Output >> If you’re an IT security professional and you’re responsible for protecting …
Attack Frameworks – SY0-601 CompTIA Security+ : 4.2 Read More »
Most of the hard work related to security incidents happens before an event occurs. In this video, you’ll learn about tabletop exercises, walkthroughs, simulations, communication plans, and more. << Previous Video: Incident Response Process Next: Attack Frameworks >> Usually when we talk about security incidents, it’s usually after the fact, when one has already occurred. …
Incident Response Planning – SY0-601 CompTIA Security+ : 4.2 Read More »
Identifying and responding to an incident is an important part of IT security. In this video, you’ll learn about incident preparation, detection, precursors, indicators, and more. << Previous Video: Forensic Tools Next: Incident Response Planning >> As a security professional, you’ll be responsible for responding to security events that occur in your organization. Events like …
Incident Response Process – SY0-601 CompTIA Security+ : 4.2 Read More »
Some IT security investigations will require additional forensics. In this video, you’ll learn about memdump, WinHex, FTK imager, Autopsy, and more. << Previous Video: Packet Tools Next: Incident Response Process >> If you’ve ever imaged a drive or a partition in Linux, then you’ve probably used the DD command. The term DD comes from another …
Forensic Tools – SY0-601 CompTIA Security+ : 4.1 Read More »
Capturing packets is a foundational skill in IT security. In this video, you’ll learn about Wireshark, tcpdump, and Tcpreplay. << Previous Video: Shell and Script Environments Next: Forensic Tools >> As a security professional, we will always have a requirement to capture raw data from the network. One of the easiest ways to do this …
There are many options when working with shells and scripting environments. In this video, you’ll learn about SSH, Windows PowerShell, Python, and OpenSSL. << Previous Video: File Manipulation Tools Next: Packet Tools >> If you’re connecting to a remote device and using the terminal screen on that device, looks a little like this example here, …
Shell and Script Environments – SY0-601 CompTIA Security+ : 4.1 Read More »
