Applied Network Security Monitoring: Collection, Detection, and Analysis (2014)

Foreword

Preface

CHAPTER 1. The Practice of Applied Network Security Monitoring

SECTION 1. Collection

CHAPTER 2. Planning Data Collection

CHAPTER 3. The Sensor Platform

CHAPTER 4. Session Data

CHAPTER 5. Full Packet Capture Data

CHAPTER 6. Packet String Data

SECTION 2. Detection

CHAPTER 7. Detection Mechanisms, Indicators of Compromise, and Signatures

CHAPTER 8. Reputation-Based Detection

CHAPTER 9. Signature-Based Detection with Snort and Suricata

CHAPTER 10. The Bro Platform

CHAPTER 11. Anomaly-Based Detection with Statistical Data

CHAPTER 12. Using Canary Honeypots for Detection

SECTION 3. Analysis

CHAPTER 13. Packet Analysis

CHAPTER 14. Friendly and Threat Intelligence

CHAPTER 15. The Analysis Process

APPENDIX 1. Security Onion Control Scripts

APPENDIX 2. Important Security Onion Files and Directories

APPENDIX 3. Packet Headers

APPENDIX 4. Decimal / Hex / ASCII Conversion Chart