Site icon Tutor Bin

Estrella Mountain Community College Network Security Monitoring and Threat Hunting PPT

Estrella Mountain Community College Network Security Monitoring and Threat Hunting PPT

Description

The purpose of this assignment is to identify tools and processes that can be used to evaluate external threats.

Network security professionals and incident responders who will be using security and logging products will use threat hunting to assist with their network and endpoint hunting responsibilities.

The SOC analysts must use a specific approach to guide their hunting across typical security toolsets such as SIEM, packet capture, and endpoint detection response (EDR). These tools can help the analyst acquire useful data used in the threat hunting mission.

Threat hunters are responsible for enterprise situational awareness and continuous surveillance, including monitoring traffic, blocking unwanted traffic to and from the Internet, and detecting any type of attack. Point solution security technologies are the starting point for hardening the network against possible intrusion attempts.

Part 1

Use Kali Linux Wireshark to perform a deep packet analysis of the traffic on the SOC-in-box infrastructure. Assume this traffic represents the corporation you selected from the “Company Profiles.”

Identify the protocol hierarchy.

What percent of the traffic is TCP? ICMP? ARP? UDP?

  • Look at the I/O graphic in a bar-graph format.
  • Observe at least three Wireshark captures for analysis.
  • Part 2
  • Use Kali Linux and a command line terminal to access two log files to form a threat hunting scenario. You should be able to navigate to log files on any of the VMs within the SOC-in-a-box infrastructure, including the intrusion detection system (IDS).

What is the size of the log file?

Provide an output with the number of lines in the chosen log file.

Identify and describe the structure of the log file.

  • Determine users and logins. Can user login patterns be analyzed?
  • What are the IP addresses?
  • Add screenshots and explanation of threat hunting analysis to a Word document.
  • Part 3
  • In 500–750 words, summarize the following. This will be the Threat Hunting section in the IT Proposal.
  • Define the goals and responsibilities of a cyber threat hunting team and articulate its value to an organization

Explain how a SOC analyst can leverage use cases for threat hunting programs while building hunt missions for an organization.

Evaluate common threat hunting concepts, approaches, and tools.

Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."

Exit mobile version