Security Event Triage: Leveraging Existing Security Device Alerts

by Daniel Lachance

Identifying suspicious network activity can prevent serious security breaches. By monitoring centralized device logs you can catch potential security problems in a timely manner.

What you'll learn

Identifying suspicious activity on your network can be achieved by analyzing security device logs. In this course, Security Event Triage: Leveraging Existing Security Device Alerts, you'll learn how to analyze security device logs looking for security problems. First, you'll learn about network security devices and the relationship between the OSI model and the ability to decipher the meaning of network traffic captures. Next, you'll see how to analyze firewall logs to identify abnormal activity which could indicate a security compromise, and how analyzing network access control (NAC) logs can identify questionable host and network connectivity for unauthenticated as well as authenticated devices. Finally, you'll explore how to use cloud-based methods such as cloud packet capturing and centralized security monitoring to identify potential security problems in the cloud. When you're done with this course, you'll have the foundational knowledge of continuous monitoring and interpretation of correlated log events needed to gain the best possible picture of network security events.

About the author

Daniel Lachance, CompTIA Security+, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams. Mr. Lachance is an experienced trainer having delivered IT training in Canada and the Caribbean since the 1990s on topics ranging f... more

Ready to upskill? Get started