Overview
Learning Outcomes:
In this module, you will complete the following exercises:
- Exercise 1 – Threat Hunting
- Exercise 2 – Studying Vulnerability Scans
- Exercise 3 – Exploring Syslog/Security Information and Event Management (SIEM)
After completing this module, you should be able to:
- Perform log reviews.
- Use Nikto for web application vulnerability scanning.
- Perform vulnerability scanning using OpenVAS.
- Use Lynis for system vulnerability scanning.
- Implement SIEM.
After completing this module, you should have further knowledge of:
- Intelligence fusion
- Threat feeds
- Advisories and bulletins
- Maneuver
- Configuration review
- Common Vulnerabilities and Exposures (CVE)/Common Vulnerability Scoring System (CVSS)
- Application, web application, and network
- False positive
- False negative
- Credentialed versus noncredentialed scans
- Intrusive versus nonintrusive
- Review reports
- Packet capture
- Data inputs
- User behavior analysis (UBA)
- Sentiment analysis
- Security monitoring
- Log aggregation
- Log collectors
- Security orchestration, automation, and response (SOAR)
Exam Objectives:
The following exam objective is covered in this lab:
1.7 Summarize the techniques used in security assessments
- Threat hunting
- Vulnerability scans
- Syslog/security information and event management (SIEM)
- Security orchestration, automation, and response (SOAR)
Note: Our main focus is to cover the practical, hands-on aspects of the exam objectives. We recommend referring to course material or a search engine to research theoretical topics in more detail.