Creator: Michael McFail and Ben Actis
License: Creative Commons: Attribution, Share-Alike (http://creativecommons.org/licenses/by-sa/3.0/)
Class Prerequisites: Knowledge of TCP/IP
Lab Requirements: The VM below provides the tools and some basic example data, but you should collect your own data and analyze it within this VM, because not all of the data used in the class videos could be released.
Class Textbook: None
Recommended Class Duration: 1 day
Creator Available to Teach In-Person Classes: No
Author Comments:
This course focuses on network analysis and hunting for malicious activity from a security operations center perspective. We will dive into the strengths of netflow, the operational limitations of netflow, recommended sensor placement, netflow tools, visualization of network data, analytic tradecraft for network situational awareness, and network hunting scenarios.
Course Objectives:
 - Provide an understanding of the netflow data format
 - Describe common netflow collection, analysis, and visualization tools
 - Cover situational awareness and hunting analytic tradecraft
 - Fuse netflow with other data sources
Special thanks to Jon Ferretti for reviewing the videos for public release.