The Cyber Defense Monitoring Solutions course (ITX8071) has been designed
to provide an introduction to essential security monitoring tools and
technologies. The course covers a number of important security
monitoring concepts, such as event log collection, firewalling, using
regular expressions for processing security data, real-time event log
monitoring, event correlation, and network intrusion detection. These
concepts are studied from the perspective of a security monitoring
engineer, and a number of open source security monitoring solutions are
discussed. During the lectures and hands-on labs, we will learn how to
use rsyslog, syslog-ng, iptables, nft, the grep and pcregrep command line
tools, Simple Event Correlator, Suricata, and Elastic Stack.
- Teacher: Risto Vaarandi