New Class: Flow Analysis & Network Hunting
Michael McFail & Ben Actis have contributed a new one-day class (including videos!) covering analysis of network flows, and hunting for adversaries on your network. A “netflow” is a specific summarization of network traffic that can be exported in varying formats by most routers. This class lets you know what tools you can use to analyze this data. It also covers a variety of analyses you might do for network situational awareness, hunting for attackers, or fusing the data with other sensor data to bring about better intrusion detection.
We have another two-day class in the release queue that will serve as the complement to this class, covering full packet analysis. And if you look at the bottom of this class page you will see that both classes are part of a larger “School of SOC” curriculum aiming to help bootstrap new SOC operators, and share best practices in the area.
Check out the class materials below:
Monday, July 8, 2013