BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, and Management and more!
Course Overview
This 5-day instructor-led course offers hands-on, advanced training in PCAP analysis, tailored for senior cybersecurity professionals, network administrators, and IT security analysts. Participants will examine egress traffic and file type detection, configure and tune advanced PCAP analysis tools such as Security Onion, Pfsense, and Suricata, and write custom Suricata signatures. The course also covers leveraging Suricata’s capabilities and exploring the Wazuh SIEM system in depth. Through extensive lab exercises, students will gain practical experience in using and configuring these tools to tackle complex cybersecurity challenges. At the completion of this course, participants will be able to:
- Examine and identify suspicious egress traffic and detect file types in PCAP data.
- Configure and use Security Onion, Pfsense, and Suricata for advanced network security.
- Tune Security Onion for optimal performance and security.
- Write and implement custom Suricata signatures.
- Leverage Suricata’s advanced capabilities for network traffic analysis.
- Explore and utilize the Wazuh SIEM system for comprehensive security monitoring.
- Carve files using Network Miner.
Schedule
Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.
Course Outline
Module 1: Examine Egress Traffic and File Type Detection
- Understanding Egress Traffic and File Type Detection
- Techniques and significance of analyzing egress traffic and detecting file types
- Lab #1-1: Identify Suspicious Egress Traffic
- Practical exercise on identifying suspicious egress traffic
- Lab #1-2: Stealth Command and Control Identification
- Practical exercise on identifying stealth command and control traffic
- Lab #1-3: File PCAP Analysis Methods
- Practical exercise on analyzing file types in PCAP data
Module 2: PCAP Analysis Tools
- Introduction to PCAP Analysis Tools
- Overview and configuration of advanced analysis tools
- Lab #2-1: Configure Security Onion
- Practical exercise on configuring Security Onion
- Lab #2-2: Configure Pfsense
- Practical exercise on configuring Pfsense
- Lab #2-3: Configure Suricata on Ubuntu
- Practical exercise on configuring Suricata on Ubuntu
Module 3: Tune Security Onion
- Optimizing Security Onion
- Techniques for tuning Security Onion for optimal performance
- Lab #3-1: Configure Suricata Rulesets
- Practical exercise on configuring Suricata rulesets within Security Onion
- Lab #3-2: Suricata Capabilities
- Practical exercise on exploring Suricata’s capabilities
Module 4: Writing Custom Suricata Signatures
- Creating Custom Suricata Signatures
- Techniques and methodologies for writing custom Suricata signatures
- Lab #4-1: Suricata Rulesets
- Practical exercise on creating and implementing custom Suricata rulesets
Module 5: Leveraging Suricata
- Advanced Use of Suricata
- Leveraging Suricata’s capabilities for network security
- Lab #5-1: Suricata Capabilities
- Practical exercise on advanced Suricata capabilities
- Lab #5-2: Suricata Rulesets
- Practical exercise on implementing and testing Suricata rulesets
Module 6: Wazuh SIEM System
- Introduction to Wazuh SIEM System
- Overview and capabilities of the Wazuh SIEM system
- Lab #6-1: Exploring the Wazuh Modules Dashboard
- Practical exercise on navigating the Wazuh Modules Dashboard
- Lab #6-2: Exploring the Wazuh Management Dashboard
- Practical exercise on navigating the Wazuh Management Dashboard
Module 7: Wazuh SIEM System Continued
- Advanced Wazuh SIEM Techniques
- Further exploration of Wazuh SIEM capabilities
- Lab #7-1: Exploring the Wazuh Agents Dashboard
- Practical exercise on navigating the Wazuh Agents Dashboard
- Lab #7-2: Carving Files with Network Miner
- Practical exercise on carving files using Network Miner
Conclusion
- Review and summary of key concepts
- Final assessment and practical exam
- Q&A and further resources for continued learning
Prerequisites
Participants should have:
- Completed the first three PCAP analysis courses or possess a solid understanding of advanced PCAP analysis and network security tools.
- Familiarity with configuring and using tools like Security Onion, Pfsense, and Suricata.
- Prior exposure to cybersecurity principles and practices, with a focus on advanced detection and analysis techniques.
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org