Compare and contrast impact and no impact for these items: False Positive, False Negative, True Positive, True Negative Implementing Cisco Cybersecurity Operations (210-255) Security analysts must work to minimize both false positives and false negatives. False positives take up time to determine that the detection is not a problem. False negatives let malicious activity succeed […]

Read More »

Map the provided events to these source technologies: NetFlow, IDS / IPS, Firewall, Network application control, Proxy logs, Antivirus Implementing Cisco Cybersecurity Operations (210-255) NetFlow NetFlow (or IPFIX) data will contain the standard 5-tuple of information: source IP address, destination IP address, source port, destination port, and the protocol. IDS/IPS Intrusion Detection or Protection Systems […]

Read More »

Interpret common artifact elements from an event to identify an alert Implementing Cisco Cybersecurity Operations (210-255) IP Address (source/destination) IP address artifacts are useful to help identify both the attacker and the victim in a cybersecurity incident. IP address information can also help with tracking an attacker when they pivot through other systems. Client and […]

Read More »

Extract files from a TCP stream when given a PCAP file and Wireshark Implementing Cisco Cybersecurity Operations (210-255) For this example, I made a sample pcapng file using Wireshark. I did a wget of a graphics file from my website. Go to File>Export Objects>HTTP (works the same with the other protocols listed) 2. Choose the […]

Read More »