Log Correlation & Analysis to Identify Potential IOC

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time: 49 minutes
Difficulty: Intermediate

When defending networked digital systems, attention must be paid to the logging mechanisms set in place to detect suspicious behavior. In this lab, students will work with Splunk to help correlate server logs, system logs, ...

Overview

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab is a premium Cybrary lab intended for students at the intermediate level. This lab teaches students how to perform an initial review of log data for possible IOC, import the logs into a security event correlation tool, and analyze the logs in more depth to identify potential IOC. These tasks develop multiple skills needed by cybersecurity professionals (as classified by NICCS):
• Correlate incident data and perform cyber defense reporting;
• Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations;
• Skill in reviewing logs to identify evidence of past intrusions;
• Knowledge of security event correlation tools; and
• Skill in using security event correlation tools.

These skills and abilities are used by a variety of cybersecurity professionals including Cyber Crime Investigators, Cyber Defense Analysts, Cyber Defense Forensics Analysts, Cyber Defense Incident Responders, Law Enforcement/Counterintelligence Forensics Analysts, Security Control Assessors, and Vulnerability Assessment Analysts. Upon successful completion of the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab, the student will be able to perform an initial log review, import logs into Splunk, and analyze logs for possible IOC.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab will typically take less than 1 hour to complete.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab requires the student to review a variety of logs to identify potential IOC. This task serves to develop skill in reviewing logs to identify evidence of past intrusions. This skill is a key component of performing the work roles of Security Control Assessor and Vulnerability Assessment Analyst.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab also requires the student to import these logs into Splunk for further investigation. This task helps the student gain skill in correlating incident data and performing cyber defense reporting, knowledge of security event correlation tools, and skill in using security event correlation tools. These abilities are important to individuals in the work roles of Cyber Crime Investigators, Cyber Defense Analysts, Cyber Defense Forensics Analysts, Cyber Defense Incident Responders, Security Control Assessors, and Vulnerability Assessment Analysts.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab also requires the student to perform some basic analysis to determine potential IOC. This task helps develop knowledge and skill related to security event correlation tools, which is important to the Cyber Defense Analyst, Cyber Defense Forensics Analyst, Security Control Assessor, and Vulnerability Assessment Analyst. This task will also help students build toward the ability to identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents, investigations, and operations. This skill is important for the Law Enforcement/Counterintelligence Forensics Analyst.

The Cybrscore Log Correlation & Analysis to Identify Potential IOC lab is presented by Cybrary and was created by CYBRScore. This lab continues to develop the skill of working with security event correlation tools and builds upon the content in the CYBRScore Event Log Collection lab and the CYBRScore Creating SIEM Reports with Splunk lab. The lab is a great addition for students pursuing the Become a Security Operations Center (SOC) career path, as well as providing critical training for the Cyber Defense Analyst, Cyber Defense Forensics Analyst, Security Control Assessor, and Vulnerability Assessment Analyst work roles. Completion of the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab means that the student has learned how to perform an initial review of log files, import the logs into a security event correlation tool, and analyze the logs in more depth to identify potential IOC.

Click on the Cybrscore Log Correlation & Analysis to Identify Potential IOC lab to learn how to conduct an initial review of logs and then import the logs into a security event correlation tool.