Arming Small Security Programs - Network Baseline Generation and Alerts
Offered By: YouTube
Course Description
Overview
Learn how to arm small security programs with network baseline generation and alerts in this 36-minute conference talk from BSidesCharm 2017. Explore the Bro network security monitor and discover techniques for application and network whitelisting. Dive into practical implementation using Python scripts and Bro scripts for event-driven monitoring. Understand how to generate baseline files, analyze SMB traffic, and leverage machine learning for enhanced security. Gain insights into use cases and port listing to strengthen your organization's network defenses.
Syllabus
Intro
Meet Bro
Why am I here
The problem
The idea
Writing it down
Heuristics
Application Whitelisting
Network Whitelisting
How can I do this
Bro
Connection ID
Python Scripts
EventDriven Scripts
String Format
New Connection
Check Destination Port
If Statement
Bro Script
Logging
Parse
Scenario Network
Brophy
Install Brophy
Restart Brophy
Generate Baseline File
SMB Traffic
Recap
Use Cases
Port List
Machine Learning
End Date
Related Courses
An Introduction to Computer NetworksStanford University via Independent Computer Networks
University of Washington via Coursera Computer Networking
Georgia Institute of Technology via Udacity Cybersecurity and Its Ten Domains
University System of Georgia via Coursera Model Building and Validation
AT&T via Udacity