In my last PowerShell post, I hope I convinced you that PowerShell isn’t just for the server engineers. This time we’ll take a look at a few more cmdlets that can come in handy for network engineers. A Ping of a Different Color Ok so ping is not exactly revolutionary, but if you’re wanting to […]
Today in the mail I saw the all too familiar envelope from my bank’s debit card issuer. No, my debit card isn’t expired. As usual, it’s been involved in yet another credit card processing breach. Again, as usual, my bank doesn’t tell me where my card number was compromised. This time though I have a […]
Classify intrusion events into these categories as defined by the Cyber Kill Chain Model Implementing Cisco Cybersecurity Operations (210-255) The cyber kill chain model outlines all of the steps necessary for a cyber attack to be successful. If the chain is broken, the attack will fail. The cyber kill chain is also an ordered list […]
Compare and contrast deterministic and probabilistic analysis Implementing Cisco Cybersecurity Operations (210-255) Deterministic Analysis Deterministic analysis uses data that is known beforehand. One example is using port-based analysis to establish what application is being used in network communication. Basically, deterministic analysis uses known facts. Probabilistic Analysis Probabilistic analysis looks at all possibilities and tries to […]
Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console Implementing Cisco Cybersecurity Operations (210-255) The Cisco Firepower Management Center has the ability for custom correlation rules. These rules can be created to trigger based on many different attributes. Once […]
Map DNS logs and HTTP logs together to find a threat actor Implementing Cisco Cybersecurity Operations (210-255) Map DNS, HTTP, and threat intelligence data together Implementing Cisco Cybersecurity Operations (210-255) Understanding logs from DNS servers and HTTP servers is important. Analyzing data from the logs can help with determining security incidents. Both types of logs […]
Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains Implementing Cisco Cybersecurity Operations (210-255) A threat analysis report helps an analyst by providing a list of all of the IPs or domains that a potentially compromised host has been communicating with. This information can help […]
Rackstuds are one of those things that you didn’t know you needed until you first get some. Cage nuts have caused me more pain than just about any other non-powered piece of hardware I’ve ever used. I’ve been pinched, bled and even hit in the nose(they can fly I tell you) by cage nuts. What’s […]
Describe the retrospective analysis method to find a malicious file, provided file analysis report Implementing Cisco Cybersecurity Operations (210-255) The above image is a screenshot from a Cisco Firepower Management Center. In particular, it is a Network File Trajectory. In this case, it’s not overly interesting since the file was only seen going from one […]
Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the […]
© Ben Story 2019.
© Pack IT Forwarding 2019. Powered by WordPress
