Describe the retrospective analysis method to find a malicious file, provided file analysis report Implementing Cisco Cybersecurity Operations (210-255) The above image is a screenshot from a Cisco Firepower Management Center. In particular, it is a Network File Trajectory. In this case, it’s not overly interesting since the file was only seen going from one […]

Read More »

Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the […]

Read More »

Interpret common data values into a universal format Implementing Cisco Cybersecurity Operations (210-255) For this objective, I would suggest using Security Onion to collect some data from a firewall and IPS. Within the Security Onion stack is a tool called ELSA. ELSA is an open-source SEIM product. It takes the logs and puts them into […]

Read More »

Describe the process of data normalization Implementing Cisco Cybersecurity Operations (210-255) Data normalization is the process of removing duplicate information and increasing the accuracy of the information. In cybersecurity tools like SEIMs can help take IPS or other sources and by normalization make them more usable. The data is also put into a common format […]

Read More »