Network and Log Monitoring

To support the preparation of participants for the different modules of the Cyber Defence Monitoring Suite, the Centre provides an online web-based course on network and log monitoring. This course is open to all individuals from NATO CCDCOE Sponsoring Nations and Contributing Participants, as well as NATO bodies. This course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.

Learning Objectives

  • List the ways of physically connecting a sensor to a monitored network
  • Describe the differences between an NIDS and an NIPS
  • Deploy an NIDS and NIPS sensor on a network
  • List the pros and cons of well-known network monitoring solutions such as Snort, Suricata, Bro and Moloch
  • Describe the BSD syslog protocol, its shortcomings and recommended solutions for log collection
  • List the event logging formats and log collection tools of Windows
  • Describe the purpose of log correlation and the functionalities of the Simple Event Correlator (SEC), which can be used for that
  • List various log analysis and data visualization tools
  • Describe the purpose and the pros and cons of security information and event management (SIEM) systems

Target Audience

The target audience (TA) of this module is the same as the TA of the other modules of the Cyber Defence Monitoring Suite.

Outline

  • Network Monitoring
    • Instructions about sensor placement for Network Intrusion Detection and Prevention Systems (NIDS/NIPS) are provided. Common network monitoring solutions are introduced as well
  • Log Monitoring
    • First, the BSD syslog protocol, used for event logging, is described. Then, tools and solutions for log collection, log correlation and log analysis are introduced

Prerequisites

The requirements of the Cyber Defence Monitoring Suite modules apply.

Registration

The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘Network and Log Monitoring’ course listing.