
Network Monitoring & IPS
Programs & Modules
Program Description
This course teaches the concepts, applications, configuration, and implementation of enterprise network monitoring and intrusion prevention system (IPS) technologies. Building on the prerequisite courses, it is intended to teach students the breadth and depth of SNMP, network management, deep packet inspection, log file analysis, anomaly detection, host- and network-based IPS, distributed IPS, and honeynets/honeypots.
Modules
Intro to Data Collection
Signature-Based Detection with Snort and Suricata
Planning Data Collection
The Bro-Zeek Platform
The Sensor Platform
Anomaly Based Detection with Statistical Data
Session Data
Using Canary Honeypots for Detection
Full Packet Capture Data
Packet Analysis
Packet String Data
Friendly and Threat Intelligence
Detection Mechanism, Indicators of Compromise and Signatures
The Analysis Process
Reputation-Based Detection