Sometimes I run across a tidbit that isn’t really a full blog article, but it’s still something important. I’m going to refer to these as Packet Fragments. Today’s fragment is about the Cisco ASA. Especially when doing software upgrades I want to make sure that I’m on the correct unit before typing my commands. Instead […]
Describe these concepts as they are documented in NIST SP800-86: evidence collection order, data integrity, data preservation, volatile data collection Implementing Cisco Cybersecurity Operations (210-255) The best way to study for this objective is to read or at least read the highlights of the NIST document. Here are some of my notes. Evidence Collection Order […]
Define these activities as they relate to incident handling Implementing Cisco Cybersecurity Operations (210-255) Identification Continuous monitoring of the environment by the SOC allows for identification of true positive incidents. This monitoring can come from multiple sources including IPS/IDS, Firewalls, Endpoint Agents and the SIEM. Once detected and confirmed the incident is sent to the […]
Apply the NIST.SP800-61 r2 incident handling process to an event Implementing Cisco Cybersecurity Operations (210-255) The NIST.SP800-61 r2 incident handling process document contains several example scenarios. These are all contained in Appendix A of the document. Below are some of the suggested questions for each phase from section A-1 of the document. Preparation: Would the […]
Classify intrusion events into these categories as defined by the Cyber Kill Chain Model Implementing Cisco Cybersecurity Operations (210-255) The cyber kill chain model outlines all of the steps necessary for a cyber attack to be successful. If the chain is broken, the attack will fail. The cyber kill chain is also an ordered list […]
Compare and contrast deterministic and probabilistic analysis Implementing Cisco Cybersecurity Operations (210-255) Deterministic Analysis Deterministic analysis uses data that is known beforehand. One example is using port-based analysis to establish what application is being used in network communication. Basically, deterministic analysis uses known facts. Probabilistic Analysis Probabilistic analysis looks at all possibilities and tries to […]
Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console Implementing Cisco Cybersecurity Operations (210-255) The Cisco Firepower Management Center has the ability for custom correlation rules. These rules can be created to trigger based on many different attributes. Once […]
Map DNS logs and HTTP logs together to find a threat actor Implementing Cisco Cybersecurity Operations (210-255) Map DNS, HTTP, and threat intelligence data together Implementing Cisco Cybersecurity Operations (210-255) Understanding logs from DNS servers and HTTP servers is important. Analyzing data from the logs can help with determining security incidents. Both types of logs […]
Identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains Implementing Cisco Cybersecurity Operations (210-255) A threat analysis report helps an analyst by providing a list of all of the IPs or domains that a potentially compromised host has been communicating with. This information can help […]
Describe the retrospective analysis method to find a malicious file, provided file analysis report Implementing Cisco Cybersecurity Operations (210-255) The above image is a screenshot from a Cisco Firepower Management Center. In particular, it is a Network File Trajectory. In this case, it’s not overly interesting since the file was only seen going from one […]
© Ben Story 2019.
© Pack IT Forwarding 2019. Powered by WordPress
