In this talk, I'll draw on my experience working in a Security Operations Center to provide a framework for building your own SOC or network monitoring system capable of monitoring small- to medium-sized networks. The goal of this kind of monitoring is to watch for things such as break-in attempts on your network, malware downloads and malware beaconing out after installation, and to serve as a central location for tracking IT security threats. Additionally, the presentation will include some methods of packet analysis for specific events such as cross-site scripting, SQL injection and beaconing malware.
No information on the specific technologies or methodologies used by the Security Operations Center Josh works with can be discussed. All information will be based on publicly available tools and information.