This video explains how Splunk works as a network traffic evidence acquisition tool.
- [Instructor] Security information and event management, or SIEM, systems like Splunk collect and analyze network forensics data generated by many sources, including intrusion detection systems or IDSs, intrusion prevention systems or IPSs, and vulnerability management systems. SIEM focuses on monitoring, logging, and analyzing network security events in real time. The ultimate goal of SIEM is to alert human operators when suspicious or anomalous activities are detected.

The main difference between SIEM and systems such as IDSs, IPSs, and vulnerability management systems is that SIEM is much more capable of managing network security data and tracing network events in terms of its scope and capacity. SIEM also provides a much more comprehensive and holistic view of your network, beyond specific intrusion attempts or known vulnerabilities, by leveraging IDS, IPS, and vulnerability management system data and correlating them. Due to the recent advances in data science, …
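The correlation the instructor describes, reduced to working code as an added example (this is not code from the course, and it is not Splunk's query language or any Splunk API): IDS/IPS alerts are joined against vulnerability-scan findings by target host and signature, so that an attempt against a host that is actually unpatched is escalated, an attempt the IPS already blocked is demoted, and one source firing the same signature at many hosts is reported once as a scan. The log line format, the hostnames, and the signature names are all constructed for the example; a real SIEM ingests each source through its own parser and would normalize into a common schema first.

```python
"""Toy SIEM-style correlation of IDS/IPS alerts with vulnerability-scan data.

Added illustration; not code from the course or from Splunk. The log
format, hosts and signature names are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample events (RFC 5737 documentation addresses, made-up signatures).
IDS_ALERTS = [
    "2024-03-01T10:00:01Z ids src=203.0.113.5 dst=10.0.0.12 sig=http-deserialization-probe",
    "2024-03-01T10:00:07Z ids src=203.0.113.5 dst=10.0.0.13 sig=http-deserialization-probe",
    "2024-03-01T10:00:09Z ids src=203.0.113.5 dst=10.0.0.14 sig=http-deserialization-probe",
    "2024-03-01T10:02:30Z ids src=198.51.100.9 dst=10.0.0.12 sig=smb-remote-exec-attempt",
    "2024-03-01T10:05:00Z ips src=198.51.100.9 dst=10.0.0.14 sig=smb-remote-exec-attempt action=blocked",
]
VULN_FINDINGS = [
    "2024-02-28T22:15:00Z vulnscan host=10.0.0.12 finding=http-deserialization-probe severity=critical",
    "2024-02-28T22:15:00Z vulnscan host=10.0.0.13 finding=rdp-unpatched severity=high",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split '<timestamp> <source> k=v k=v ...' into a dict (constructed format)."""
    ts, source, rest = line.split(" ", 2)
    event = {"ts": ts, "source": source}
    event.update(KV.findall(rest))
    return event


def correlate(ids_lines, vuln_lines, scan_threshold=3):
    """Return operator alerts derived from joining the two feeds.

    Rule 1: an IDS hit whose signature matches an open finding on the target
            host is 'high'; an IPS-blocked hit is 'info'; anything else 'low'.
    Rule 2: one source firing the same signature at >= scan_threshold distinct
            hosts is reported once as a scan, whatever the per-host outcome.
    """
    open_findings = defaultdict(set)          # host -> set of finding ids
    for ev in map(parse_event, vuln_lines):
        open_findings[ev["host"]].add(ev["finding"])

    alerts = []
    targets = defaultdict(set)                # (src, sig) -> hosts hit
    for ev in map(parse_event, ids_lines):
        targets[(ev["src"], ev["sig"])].add(ev["dst"])
        if ev.get("action") == "blocked":
            rule, priority = "ips-blocked", "info"
        elif ev["sig"] in open_findings.get(ev["dst"], ()):
            rule, priority = "exploit-vs-vulnerable-host", "high"
        else:
            rule, priority = "no-matching-vulnerability", "low"
        alerts.append({"ts": ev["ts"], "rule": rule, "priority": priority,
                       "src": ev["src"], "dst": ev["dst"], "sig": ev["sig"]})

    for (src, sig), hosts in targets.items():
        if len(hosts) >= scan_threshold:
            alerts.append({"ts": None, "rule": "multi-host-scan", "priority": "medium",
                           "src": src, "dst": sorted(hosts), "sig": sig})
    return alerts


if __name__ == "__main__":
    for a in correlate(IDS_ALERTS, VULN_FINDINGS):
        print(f"[{a['priority']:<6}] {a['rule']:<28} {a['src']} -> {a['dst']} ({a['sig']})")
```

With the constructed input, only the first probe (an attempt against a host whose scan shows the matching finding) is escalated to high; the same signature against two hosts without that finding stays low, the IPS-blocked attempt is informational, and the source that hit three hosts with one signature gets a single scan alert. The point is the one the transcript makes: none of the three feeds on its own says "this attacker is probing hosts that are actually exploitable"; the join does.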