Overview
In this lab, you will be conducting network and host monitoring using various administrative tools such as Snorby, Sguil, and Squert.
Outcomes
In this lab, you will learn to:
- Perform network monitoring with Snorby.
- Perform network security monitoring with Sguil.
- Perform network security monitoring with Squert.
Key terms and descriptions
Intrusion Detection System
An Intrusion Detection System, or IDS, can be used to collect and analyze traffic on the network.
Snort
Snort can capture network traffic, process the requests it contains, and analyze them to distinguish legitimate from malicious web requests.
Security Onion
Security Onion is a free and open platform for network and security monitoring, hunting threats, and managing logs.
Snorby
Snorby is an open-source Ruby on Rails web application for network and security monitoring that interfaces with popular intrusion detection systems such as Snort.
Sguil
Sguil is an open-source network and security monitoring tool that provides a GUI with real-time access to events, session data, and raw packet captures.
Squert
Squert is an open-source web application used to query and view event data from the Sguil database.