Identifying suspicious activity on your network can be achieved by analyzing security device logs.
In this course, Security Event Triage: Leveraging Existing Security Device Alerts, you'll learn how to analyze security device logs looking for security problems.
First, you'll learn about network security devices and the relationship between the OSI model and the ability to decipher the meaning of network traffic captures.
Next, you'll see how to analyze firewall logs to identify abnormal activity that could indicate a security compromise, and how analyzing network access control (NAC) logs can reveal questionable host and network connectivity for both unauthenticated and authenticated devices.
Finally, you'll explore how to use cloud-based methods such as cloud packet capturing and centralized security monitoring to identify potential security problems in the cloud.
When you're done with this course, you'll have the foundational knowledge of continuous monitoring and interpretation of correlated log events needed to gain the best possible picture of network security events.
Daniel Lachance, CompTIA Security+™, CompTIA A+®, CompTIA Network+®, CompTIA Server+, CompTIA Cloud Essentials, MCITP, MCTS, MCSA, is the owner of Lachance IT Consulting Inc. He is the author of the CompTIA Server+ Certification All-in-One Exam Guide, CompTIA Cloud Essentials Certification Study Guide, and co-author of CompTIA Security+ Certification Practice Exams.
Course Overview
Hi, everyone. I'm Dan Lachance, and welcome to my course, Leveraging Existing Security Device Alerts. Identifying suspicious activity on your network could be achieved by analyzing security device logs. In this course, you will learn how to analyze security device logs looking for security problems. Some of the major topics that we will cover include understanding the role of various network security devices, identifying potential security threats using firewall logs, identifying potential security threats using network access control logs, and using cloud solutions to pinpoint cloud security problems. By the end of this course, you'll understand how to leverage centralized logging solutions to determine whether or not suspicious host or network activity exists on the network. I hope you'll join me to learn about leveraging existing security device alerts here at Pluralsight.