13-17 Feb 2017
20 Jan 2017
300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)
This intensive hands-on course concentrates on several tools drawn from the many important Cyber Defence Monitoring techniques and solutions. In this module, we focus on an end-to-end solution for collecting, storing, visualizing and alerting on time-series data. We use the so-called TICK stack, a data management platform comprising Telegraf, InfluxDB, Chronograf, and Kapacitor, to build monitoring systems for different scales, from SOHO/SME up to enterprise level.
The course demonstrates how the TICK stack is a perfect fit for modern monitoring solutions. Attendees gain practical experience in building a scalable system and see how challenging the security-engineering process can be. During hands-on exercises, students start from a basic single-instance installation and end up implementing a distributed system with centralised command, analysis and visualisation solutions.
On this course, we will work with network traffic from Locked Shields 2015, which means that the traffic will have real intrusions. We will also use samples of existing botnets to analyse obfuscation techniques used today.
NB! We most strongly discourage the participation of students who do not fulfil these prerequisites, since the course contains advanced lab sessions assuming this knowledge. Therefore, the presence of unskilled attendees is likely to hinder the overall progress of the course.