Third-Party Logging Agents

Video Transcription
00:02
>> Hey, Cybrarians, and welcome back to the Linux plus course here at Cybrary. I'm your instructor, Rob Goelz. In today's lesson, we're going to cover third-party agents.

Upon completion of today's lesson, you are going to be able to understand the purpose of third-party agents, and then we're going to talk about the differences between some common third-party agents you may see.

Besides logging using syslog or journald, we can also use third-party agents. These agents are sometimes used because they can perform advanced data analytics and have correlation tools. These can be used sometimes to better detect security issues. Some third-party agents work off of one of the custom, local facilities we talked about, local0 through 7, while others have their own packages or utilities that you have to install on your system.

A few common third-party agents. First off the bat, Splunk. Splunk is a monitoring and log aggregation agent and it's been around for a long time. You can learn more about it at splunk.com.

Elastic Stack is a little bit newer. It's used to collect, correlate, and visualize data, and you can find more information about them at elastic.co.

AlienVault is what is known as a Security Information and Event Management Tool, otherwise known as SIEM. You'll see this a lot, especially if you move into doing more security stuff, if you look into security plus. SIEM tools are used to detect and correlate security events. They actually got purchased by AT&T. You can find more about that at cybersecurity.att.com.

Then the final one we'll mention here is called Datadog. Datadog focuses on Cloud applications and observability. This is really granular information about things like microservices and that stuff that you get into when you're doing stuff that's very DevSecOps focused wherever you're working in the Cloud, especially with containerization and things of that nature.

With that, in this lesson, we covered the purpose of third-party agents and we talked about some of the common third-party agents and their strengths. Thanks so much for being here, and I look forward to seeing you in the next lesson.