Alienvault Monitoring - SIEM and Netflow

Practice Labs Module
Time: 1 hour
Difficulty: Intermediate

The "Alienvault Monitoring - SIEM and Netflow" module provides you with the instructions and devices to develop your hands-on skills in the following topics: AlienVault Exploration and Configuration, Netflow Monitoring, Traffic Capture with AlienVault, NMAP vs AlienVault, AlienVault Security.


Overview

Introduction

The Alienvault Monitoring - SIEM and Netflow module provides you with the instructions and devices to develop your hands-on skills in the following topics:

  • AlienVault Exploration and Configuration
  • Netflow Monitoring
  • Traffic Capture with AlienVault
  • NMAP vs AlienVault
  • AlienVault Security

Lab time: It will take approximately 1 hour to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 1.1: Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • CS0-001 1.2: Given a scenario, analyze the results of a network reconnaissance
  • CS0-001 4.2: Given a scenario, use data to recommend remediation of security issues related to identity and access management
  • CS0-001 4.3: Given a scenario, review security architecture and make recommendations to implement compensating controls

Exercise 1 - AlienVault Exploration and Configuration

AlienVault is a network monitoring system built on OSSIM (Open Source Security Information Management), which enables it to assist with intrusion detection and prevention operations.

It comprises a number of tools that work in unison to protect the network and alert an administrator to events happening across the network or on devices where an agent has been deployed and configured to perform specific tasks and report back.

In this exercise, you will learn the following:

  • Activate the AlienVault System
  • Dashboard Update
  • SIEM Events

Exercise 2 - Netflow Monitoring

Netflow is a feature used on routers to collect records of IP network traffic as it moves from device to device; it reports the ports, IP addresses and protocols in use, along with general packet counts passing through each port. This aids an understanding of how much activity is happening across the network and whether there are bottlenecks or points of heavy data movement that need to be examined more closely.

In this exercise, you will learn the following:

  • Netflow Monitoring

Exercise 3 - Traffic Capture with AlienVault

AlienVault has the ability to capture traffic on the fly for a set duration and save it as a PCAP file to be viewed in a PCAP reader. Traffic capture allows data packets to be intercepted and used to troubleshoot network problems.

In this exercise, you will learn the following:

  • Traffic Capture Setup
  • Wireshark the PCAP
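To show what a PCAP reader actually works with when it opens the file AlienVault saves, here is an added example (not code from the page, from AlienVault or from Wireshark) that writes a small capture in the classic pcap format and parses it back. The two frames, the MAC addresses and the IP addresses are constructed sample data; checksums are left at zero because the point is the file layout (24-byte global header, then a 16-byte record header before every frame) and the Ethernet/IPv4/TCP field offsets, not a valid wire packet.

```python
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4        # standard pcap magic number (microsecond timestamps)
LINKTYPE_ETHERNET = 1
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags=0x02, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (sample data only:
    MAC addresses are made up and the IP/TCP checksums are left at zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def write_pcap(frames, ts_start=1_700_000_000):
    """Serialise frames as pcap: a 24-byte global header, then for each packet a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) followed by the bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts_start + i, 0, len(frame), len(frame)) + frame
    return out


def decode_frame(frame):
    """Pull source/destination IPs, protocol and TCP ports/flags out of one Ethernet frame."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return {"proto": "non-ipv4"}
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    info = {"proto": frame[23],
            "src": socket.inet_ntoa(frame[26:30]),
            "dst": socket.inet_ntoa(frame[30:34])}
    if info["proto"] == 6 and len(frame) >= 14 + ihl + 20:
        tcp = 14 + ihl
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, tcp)
        flags = frame[tcp + 13]
        info["flags"] = [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if flags & bit]
    return info


def read_pcap(data):
    """Parse a pcap byte string into decoded records. Raises ValueError on a bad magic,
    a non-Ethernet link type, or a record cut short (a capture that stopped mid-write
    looks exactly like this, so the reader must not silently ignore it)."""
    if len(data) < 24:
        raise ValueError("too short to hold a pcap global header")
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == 0xD4C3B2A1:             # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap file (bad magic number)")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError(f"truncated record at offset {offset}")
        offset += incl_len
        records.append({"ts_sec": ts_sec, "ts_usec": ts_usec, **decode_frame(frame)})
    return records


def sample_capture():
    """Constructed capture: a client SYN to port 22 and the server's SYN/ACK reply."""
    return write_pcap([
        build_tcp_frame("10.0.0.5", "10.0.0.20", 40000, 22, flags=0x02),
        build_tcp_frame("10.0.0.20", "10.0.0.5", 22, 40000, flags=0x12),
    ])


if __name__ == "__main__":
    for r in read_pcap(sample_capture()):
        print(f"{r['ts_sec']} {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
              f"[{'/'.join(r['flags'])}]")
```

Saving `sample_capture()` to a `.pcap` file and opening it in Wireshark shows the same two rows the script prints, which is a convenient way to confirm that the field offsets above match what the PCAP reader in the exercise displays.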

Exercise 4 - NMAP vs AlienVault

NMAP is used to perform a range of scanning tasks, including working out the topology of a network environment. It scans ports to determine whether they are listening or closed and which traffic types they respond to, and it can perform handshake exchanges with ports to initiate a connection. It then reports the information back to the user, showing for example which operating systems are in use on the network.

In this exercise, you will learn the following:

  • Activate NMAP
  • Traffic Capture NMAP
  • Reviewing NMAP Results
  • SharkVault Packet Viewer
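The Netflow description in Exercise 2 and the NMAP comparison in this exercise both come down to the same data: per-flow records of source, destination, ports, protocol, packets and bytes. The added example below (not code from the page or from AlienVault) parses a constructed set of such records, reports the hosts moving the most data (the bottleneck question from Exercise 2) and then flags the pattern a port scan leaves in flow data: one source touching many distinct destination ports on one host with one or two packets per flow. The CSV column layout, the sample addresses and the thresholds (`min_ports`, `max_avg_packets`) are assumptions for illustration, not an AlienVault export format or its detection rule.

```python
from collections import defaultdict
from statistics import mean

# Constructed flow records (not a real Netflow/AlienVault export):
# src_ip,dst_ip,proto,src_port,dst_port,packets,bytes
SAMPLE_FLOWS = """\
# client sessions to the web server and its replies
10.0.0.5,10.0.0.20,tcp,40000,443,120,150000
10.0.0.20,10.0.0.5,tcp,443,40000,100,900000
10.0.0.7,10.0.0.20,tcp,40001,443,30,40000
"""
# one host probing a dozen ports on the same server, one packet per flow
SAMPLE_FLOWS += "".join(
    f"10.0.0.99,10.0.0.20,tcp,{51000 + i},{port},1,60\n"
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])
)


def parse_flows(text):
    """Turn the CSV text into a list of flow dicts; blank and '#' lines are skipped."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(",")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        src, dst, proto, sport, dport, packets, nbytes = fields
        flows.append({"src": src, "dst": dst, "proto": proto.lower(),
                      "sport": int(sport), "dport": int(dport),
                      "packets": int(packets), "bytes": int(nbytes)})
    return flows


def traffic_by_host(flows):
    """Bytes sent and received per IP address, which is what a bottleneck review starts from."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for f in flows:
        totals[f["src"]]["sent"] += f["bytes"]
        totals[f["dst"]]["received"] += f["bytes"]
    return dict(totals)


def top_talkers(flows, n=3):
    """The n hosts with the most total bytes in either direction, highest first."""
    totals = traffic_by_host(flows)
    ranked = sorted(totals.items(),
                    key=lambda kv: kv[1]["sent"] + kv[1]["received"], reverse=True)
    return [(ip, t["sent"] + t["received"]) for ip, t in ranked[:n]]


def scan_candidates(flows, min_ports=10, max_avg_packets=2.0):
    """Source/destination pairs where one source hit at least min_ports distinct
    destination ports with very short flows; normal sessions carry many packets
    to a few ports, a port scan carries one or two packets to many ports."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"])].append(f)
    hits = {}
    for (src, dst), pair_flows in by_pair.items():
        ports = {f["dport"] for f in pair_flows}
        if len(ports) >= min_ports and mean(f["packets"] for f in pair_flows) <= max_avg_packets:
            hits[(src, dst)] = sorted(ports)
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for ip, total in top_talkers(flows):
        print(f"{ip:<12} {total:>10} bytes")
    for (src, dst), ports in scan_candidates(flows).items():
        print(f"scan-like: {src} -> {dst} touched {len(ports)} ports: {ports}")
```

Run against a real flow export, the thresholds need tuning to the environment: a vulnerability scanner or monitoring host that legitimately probes many ports will match the same rule, which is exactly the kind of known-source exception a SIEM correlation rule carries alongside the detection.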

Exercise 5 - AlienVault SIEM Analysis and Tickets

AlienVault analysis tools are used to view events as they happen; the system keeps a log of activity and highlights events of concern, but there is also the option to flag events the SIEM does not consider important and place them as tickets in the system to be resolved at a later date.

In this exercise, you will learn the following:

  • Analysis and Tickets