{"id":867,"date":"2019-08-21T07:00:26","date_gmt":"2019-08-21T12:00:26","guid":{"rendered":"https:\/\/packitforwarding.com\/?p=867"},"modified":"2020-02-25T09:32:28","modified_gmt":"2020-02-25T15:32:28","slug":"ccna-cyberops-secops-objectives-4-3-and-4-4","status":"publish","type":"post","link":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/","title":{"rendered":"CCNA CyberOps SECOPS &#8211; Objectives 4.3 and 4.4"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Describe 5-tuple correlation <\/p><cite><strong>Implementing Cisco Cybersecurity Operations (210-255) <\/strong> <\/cite><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs <\/p><cite><strong>Implementing Cisco Cybersecurity Operations (210-255) <\/strong> <\/cite><\/blockquote>\n\n\n\n<p>As noted in the discussion of <a href=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/10\/ccna-cyberops-secops-objective-2-7\/\">Netflow<\/a>, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the 5-tuple can be used to connect logs from various sources. For example, logs from a firewall, IPS and Netflow data could be combined to give a better view of what the host in an alert was doing. <\/p>\n\n\n\n<p>The 5-tuple also allows an analyst to focus on a certain host for closer examination. In this way, data collected about a compromised host can be narrowed to the important information increasing the signal to noise ratio.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 #ciscocert #ccnacyberops #ciscochampions","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[88,105,31,24],"tags":[107,90,106,149],"class_list":["post-867","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-ccna-cyberops","category-certification","category-cisco","tag-ccna-cyberops","tag-certification","tag-cisco","tag-cisco-certified-cyber-ops-associate"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -\" \/>\n<meta property=\"og:description\" content=\"Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/packitforwarding\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/packitforwarding\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-21T12:00:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-25T15:32:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"426\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Story\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/www.twitter.com\/ntwrk80\" \/>\n<meta name=\"twitter:site\" content=\"@ntwrk80\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Story\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/\"},\"author\":{\"name\":\"Ben Story\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"headline\":\"CCNA CyberOps SECOPS &#8211; Objectives 4.3 and 4.4\",\"datePublished\":\"2019-08-21T12:00:26+00:00\",\"dateModified\":\"2020-02-25T15:32:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/\"},\"wordCount\":135,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"image\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1\",\"keywords\":[\"CCNA CyberOps\",\"certification\",\"cisco\",\"Cisco Certified Cyber Ops Associate\"],\"articleSection\":[\"Blog\",\"CCNA CyberOps\",\"Certification\",\"cisco\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/\",\"url\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/\",\"name\":\"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1\",\"datePublished\":\"2019-08-21T12:00:26+00:00\",\"dateModified\":\"2020-02-25T15:32:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1\",\"width\":640,\"height\":426},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/index.php\\\/2019\\\/08\\\/21\\\/ccna-cyberops-secops-objectives-4-3-and-4-4\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/packitforwarding.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CCNA CyberOps SECOPS &#8211; Objectives 4.3 and 4.4\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#website\",\"url\":\"https:\\\/\\\/packitforwarding.com\\\/\",\"name\":\"\",\"description\":\"Paying it forward to the next generation of IT.\",\"publisher\":{\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/packitforwarding.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/packitforwarding.com\\\/#\\\/schema\\\/person\\\/441c2562293c45fbcf483f246430e6c8\",\"name\":\"Ben Story\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\",\"width\":489,\"height\":250,\"caption\":\"Ben Story\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/packitforwarding.com\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1\"},\"description\":\"In the course of my career, I have had the pleasure of working in multiple verticals including Education, Logistics and Healthcare. Although I started as a systems administrator (aka server jockey), I am now firmly in the network engineering arena. Currently I am working for a multi-state hospital system.\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/packitforwarding\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/benstory\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/www.twitter.com\\\/ntwrk80\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/","og_locale":"en_US","og_type":"article","og_title":"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -","og_description":"Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the [&hellip;]","og_url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/","article_publisher":"https:\/\/www.facebook.com\/packitforwarding","article_author":"https:\/\/www.facebook.com\/packitforwarding","article_published_time":"2019-08-21T12:00:26+00:00","article_modified_time":"2020-02-25T15:32:28+00:00","og_image":[{"width":640,"height":426,"url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","type":"image\/jpeg"}],"author":"Ben Story","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/www.twitter.com\/ntwrk80","twitter_site":"@ntwrk80","twitter_misc":{"Written by":"Ben Story","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#article","isPartOf":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/"},"author":{"name":"Ben Story","@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"headline":"CCNA CyberOps SECOPS &#8211; Objectives 4.3 and 4.4","datePublished":"2019-08-21T12:00:26+00:00","dateModified":"2020-02-25T15:32:28+00:00","mainEntityOfPage":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/"},"wordCount":135,"commentCount":0,"publisher":{"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"image":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","keywords":["CCNA CyberOps","certification","cisco","Cisco Certified Cyber Ops Associate"],"articleSection":["Blog","CCNA CyberOps","Certification","cisco"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/","url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/","name":"CCNA CyberOps SECOPS - Objectives 4.3 and 4.4 -","isPartOf":{"@id":"https:\/\/packitforwarding.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#primaryimage"},"image":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","datePublished":"2019-08-21T12:00:26+00:00","dateModified":"2020-02-25T15:32:28+00:00","breadcrumb":{"@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#primaryimage","url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","contentUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","width":640,"height":426},{"@type":"BreadcrumbList","@id":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/21\/ccna-cyberops-secops-objectives-4-3-and-4-4\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/packitforwarding.com\/"},{"@type":"ListItem","position":2,"name":"CCNA CyberOps SECOPS &#8211; Objectives 4.3 and 4.4"}]},{"@type":"WebSite","@id":"https:\/\/packitforwarding.com\/#website","url":"https:\/\/packitforwarding.com\/","name":"","description":"Paying it forward to the next generation of IT.","publisher":{"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/packitforwarding.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/packitforwarding.com\/#\/schema\/person\/441c2562293c45fbcf483f246430e6c8","name":"Ben Story","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","contentUrl":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1","width":489,"height":250,"caption":"Ben Story"},"logo":{"@id":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2026\/02\/cropped-PIF_Logo-Color-Horizontal-Rounded-1.png?fit=489%2C250&ssl=1"},"description":"In the course of my career, I have had the pleasure of working in multiple verticals including Education, Logistics and Healthcare. Although I started as a systems administrator (aka server jockey), I am now firmly in the network engineering arena. Currently I am working for a multi-state hospital system.","sameAs":["https:\/\/www.facebook.com\/packitforwarding","https:\/\/www.linkedin.com\/in\/benstory","https:\/\/x.com\/https:\/\/www.twitter.com\/ntwrk80"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pay9MD-dZ","jetpack-related-posts":[{"id":794,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/07\/ccna-cyberops-secops-objective-2-3\/","url_meta":{"origin":867,"position":0},"title":"CCNA CyberOps SECOPS &#8211; Objective 2.3","author":"Ben Story","date":"August 7, 2019","format":false,"excerpt":"Identify the elements from a NetFlow v5 record from a security event Implementing Cisco Cybersecurity Operations (210-255) When it comes to Netflow, the 5-tuple is king. Be sure to know the 5-tuple. Source IP AddressDestination IP AddressSource PortDestination PortProtocol10.1.1.2192.168.1.323343443TCP10.1.3.3192.168.3.24323253UDP192.168.4.5172.16.3.23232125TCP Beyond the 5-tuple, Netflow v9 and IPFIX (Industry Standard) allow for\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/09\/pexels-photo-373543.jpeg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":815,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/10\/ccna-cyberops-secops-objective-2-7\/","url_meta":{"origin":867,"position":1},"title":"CCNA CyberOps SECOPS &#8211; Objective 2.7","author":"Ben Story","date":"August 10, 2019","format":false,"excerpt":"Map the provided events to these source technologies: NetFlow, IDS \/ IPS, Firewall, Network application control, Proxy logs, AntivirusImplementing Cisco Cybersecurity Operations (210-255) NetFlow NetFlow (or IPFIX) data will contain the standard 5-tuple of information: source IP address, destination IP address, source port, destination port, and the protocol. IDS\/IPS Intrusion\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":885,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/26\/ccna-cyberops-secops-objectives-4-7-and-4-8\/","url_meta":{"origin":867,"position":2},"title":"CCNA CyberOps SECOPS &#8211; Objectives 4.7 and 4.8","author":"Ben Story","date":"August 26, 2019","format":false,"excerpt":"Map DNS logs and HTTP logs together to find a threat actor Implementing Cisco Cybersecurity Operations (210-255) Map DNS, HTTP, and threat intelligence data together Implementing Cisco Cybersecurity Operations (210-255) Understanding logs from DNS servers and HTTP servers is important. Analyzing data from the logs can help with determining security\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"Photo by Lex Photography from Pexels","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/10\/pexels-photo-1109541.jpeg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/10\/pexels-photo-1109541.jpeg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/10\/pexels-photo-1109541.jpeg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":524,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/03\/15\/ccna-cyberops-secfnd-objective-5-2\/","url_meta":{"origin":867,"position":3},"title":"CCNA CyberOps SECFND Objective 5.2","author":"Ben Story","date":"March 15, 2019","format":false,"excerpt":"Describe these types of data used in security monitoring: Full packet capture, session data, transaction data, statistical data, extracted content, alert dataUnderstanding Cisco Cybersecurity Fundamentals (210-250) Full Packet Capture Full packet capture data can be very useful in analyzing what occurred on a network. Unfortunately to capture everything is very\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/07\/fibre-1515964_1920.jpg?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":887,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/27\/ccna-cyberops-secops-objective-4-9\/","url_meta":{"origin":867,"position":4},"title":"CCNA CyberOps SECOPS &#8211; Objective 4.9","author":"Ben Story","date":"August 27, 2019","format":false,"excerpt":"Identify a correlation rule to distinguish the most significant alert from a given set of events from multiple data sources using the firepower management console Implementing Cisco Cybersecurity Operations (210-255) The Cisco Firepower Management Center has the ability for custom correlation rules. These rules can be created to trigger based\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"Photo by Oleksandr Pidvalnyi from Pexels","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/america-blur-cartography-2749090.jpg?fit=640%2C426&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/america-blur-cartography-2749090.jpg?fit=640%2C426&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2019\/08\/america-blur-cartography-2749090.jpg?fit=640%2C426&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":823,"url":"https:\/\/packitforwarding.com\/index.php\/2019\/08\/11\/ccna-cyberops-secops-objective-2-9\/","url_meta":{"origin":867,"position":5},"title":"CCNA CyberOps SECOPS &#8211; Objective 2.9","author":"Ben Story","date":"August 11, 2019","format":false,"excerpt":"Interpret a provided intrusion event and host profile to calculate the impact flag generated by Firepower Management Center (FMC) Implementing Cisco Cybersecurity Operations (210-255) FMC Incident FMC Host Profile The firepower management console (FMC) presents information about the incidents and hosts. Impact flag 1 indicates an incident against a host\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/packitforwarding.com\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/packitforwarding.com\/wp-content\/uploads\/2018\/06\/abstract-business-code-270348.jpg?fit=1200%2C645&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/867","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/comments?post=867"}],"version-history":[{"count":1,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/867\/revisions"}],"predecessor-version":[{"id":1123,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/posts\/867\/revisions\/1123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/media\/201"}],"wp:attachment":[{"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/media?parent=867"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/categories?post=867"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/packitforwarding.com\/index.php\/wp-json\/wp\/v2\/tags?post=867"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}