Learn intrusion detection: Using Zeek and Elastic for incident response | Live Tool Demo

Intrusion detection is a foundational skill for many cybersecurity careers. Learn how intrusion detection works in action in this webcast. Then take these free intrusion detection system (IDS) tools and start building your skills.

See the demo overview and files here: https://docs.google.com/document/d/1zczffMEI5oiHWyg7KrRTe6kvgApWbgwFgqYAsfcN8ww/edit?usp=sharing

Additional resources mentioned during the webcast:
— Advanced Intrusion Detection learning path: https://www.infosecinstitute.com/skills/learning-paths/advanced-intrusion-detection/
— Mark’s intrusion detection blogs: https://resources.infosecinstitute.com/author/mark-viglione/
— Create your free Infosec Skills account: https://www.infosecinstitute.com/free
— Infosec Skills monthly challenge: https://www.infosecinstitute.com/challenge
— Infosec Accelerate Scholarship: https://www.infosecinstitute.com/scholarship-opportunities-for-aspiring-cybersecurity-professionals/

What’s covered in this webcast:
0:00 – Intro and agenda
1:20 – Intrusion detection training resources
3:48 – What is intrusion detection?
4:52 – Who should learn intrusion detection?
5:50 – What are the main intrusion detection tasks and tools?
7:23 – What’s the career path and roles involved in incident response?
8:51 – 3 types of intrusion detection
12:30 – How intrusion detection fits into the MITRE ATT&CK matrix
13:45 – Poll question: Have you used intrusion detection tools?
16:35 – Intrusion detection demo overview
17:50 – Intrusion detection scenario
18:53 – Getting pcap files from malware-traffic-analysis.net
19:40 – Using Brim to turn pcap files into Zeek logs
23:40 – Overview of using Elastic for incident response
26:06 – Uploading CSV file from Brim to Elastic
27:58 – Types of data to ship to Elastic for incident response
30:28 – Elastic integrations for Azure and other cloud services
31:30 – Exploring the data and log files in Elastic
32:15 – Types of Zeek log records
33:36 – Using Elastic dashboards for incident response
37:46 – Using Elastic rules for detections and alerts
42:46 – Can you integrate open source threat intelligence into Elastic?
43:42 – What hands-on training or certs cover tools like Elastic?
45:55 – What sample logs can we use for Elastic?
46:55 – Can we use Zeek and Elastic to filter to only relevant data?
48:49 – What to do after setting up incident detection tools?
50:20 – Is progress being made on alert fatigue?
52:04 – Can you set up machine learning rules in Elastic?
53:37 – Best way to present Elastic data to management?
55:05 – Advice for getting started in intrusion detection
56:25 – Infosec Accelerate Scholarship Program
57:27 – Infosec Skills on-demand training and live boot camps
59:00 – Outro
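The demo steps listed above (pcap into Zeek logs with Brim, CSV into Elastic, detection rules over the Zeek records) in miniature, as an added example that is not part of the webcast, its demo files, or the Brim/Elastic projects. It assumes only the standard Zeek TSV log layout (`#separator`/`#fields` header lines, `-` for unset fields) that Brim extracts from a pcap; the conn.log rows, the two detections and their thresholds are constructed for illustration.

```python
"""Zeek conn.log -> CSV -> two detections (added example, not the webcast's
demo code). Assumes Zeek's standard TSV log layout; sample data is constructed."""
import csv
import io
from collections import defaultdict

# Constructed sample conn.log (not from the webcast's pcap). The field set is
# trimmed to what the detections below need; real conn.log files carry more.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto"
    "\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum"
    "\tstring\tinterval\tcount\tcount\tstring",
    # 10.0.0.5 checks in with 203.0.113.9:443 every 60 s: beacon-like
    "1600000000.000000\tCb1\t10.0.0.5\t49152\t203.0.113.9\t443\ttcp\tssl\t0.5\t300\t900\tSF",
    "1600000060.000000\tCb2\t10.0.0.5\t49153\t203.0.113.9\t443\ttcp\tssl\t0.4\t300\t880\tSF",
    "1600000120.000000\tCb3\t10.0.0.5\t49154\t203.0.113.9\t443\ttcp\tssl\t0.6\t300\t910\tSF",
    "1600000180.000000\tCb4\t10.0.0.5\t49155\t203.0.113.9\t443\ttcp\tssl\t0.5\t300\t900\tSF",
    # 10.0.0.7 probes six ports on 198.51.100.4 with no reply (S0): scan-like
    "1600000010.000000\tCs1\t10.0.0.7\t40001\t198.51.100.4\t21\ttcp\t-\t-\t0\t0\tS0",
    "1600000011.000000\tCs2\t10.0.0.7\t40002\t198.51.100.4\t22\ttcp\t-\t-\t0\t0\tS0",
    "1600000012.000000\tCs3\t10.0.0.7\t40003\t198.51.100.4\t23\ttcp\t-\t-\t0\t0\tS0",
    "1600000013.000000\tCs4\t10.0.0.7\t40004\t198.51.100.4\t25\ttcp\t-\t-\t0\t0\tS0",
    "1600000014.000000\tCs5\t10.0.0.7\t40005\t198.51.100.4\t80\ttcp\t-\t-\t0\t0\tS0",
    "1600000015.000000\tCs6\t10.0.0.7\t40006\t198.51.100.4\t443\ttcp\t-\t-\t0\t0\tS0",
    # an ordinary DNS lookup that should trigger nothing
    "1600000020.000000\tCd1\t10.0.0.5\t5353\t10.0.0.1\t53\tudp\tdns\t0.01\t40\t120\tSF",
    "#close\t2020-09-13-12-00-00",
])


def parse_zeek_log(text):
    """Parse Zeek TSV log text into (field_names, list of row dicts).
    Unset fields ('-') become None, empty fields ('(empty)') become ''."""
    sep, unset, empty = "\t", "-", "(empty)"
    fields, rows = [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # Zeek writes the separator as an escape, e.g. \x09 for tab
                sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
                continue
            key, *vals = line.split(sep)
            if key == "#fields":
                fields = vals
            elif key == "#unset_field":
                unset = vals[0]
            elif key == "#empty_field":
                empty = vals[0]
            continue  # #set_separator, #path, #types, #open, #close: not needed
        vals = line.split(sep)
        rows.append({f: (None if v == unset else "" if v == empty else v)
                     for f, v in zip(fields, vals)})
    return fields, rows


def to_csv(fields, rows):
    """Flatten rows into CSV with a header row, the kind of flat file the
    Elastic file-upload wizard ingests. Unset (None) becomes an empty cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(fields)
    for row in rows:
        writer.writerow(["" if row.get(f) is None else row[f] for f in fields])
    return buf.getvalue()


def detect_port_scans(rows, min_ports=5):
    """{(orig_h, resp_h): n_ports} for sources that hit at least min_ports
    distinct ports on one host without a completed handshake."""
    probes = defaultdict(set)
    for r in rows:
        if r["conn_state"] in ("S0", "REJ", "RSTOS0"):
            probes[(r["id.orig_h"], r["id.resp_h"])].add(r["id.resp_p"])
    return {pair: len(ports) for pair, ports in probes.items()
            if len(ports) >= min_ports}


def detect_beacons(rows, min_hits=4, jitter=0.1):
    """[(orig_h, resp_h, resp_p, mean_gap_s)] for flows seen at least
    min_hits times whose gaps all lie within +/- jitter of the mean gap:
    the regularity of a check-in is the signal, not its volume."""
    times = defaultdict(list)
    for r in rows:
        times[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    found = []
    for key, ts in times.items():
        if len(ts) < min_hits:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and all(abs(g - mean) <= jitter * mean for g in gaps):
            found.append(key + (round(mean, 1),))
    return found


if __name__ == "__main__":
    fields, rows = parse_zeek_log(SAMPLE_CONN_LOG)
    print(to_csv(fields, rows).splitlines()[0])
    print("port scans:", detect_port_scans(rows))
    print("beacons:", detect_beacons(rows))
```

Run against the constructed log, the scan detection returns the one source that probed six closed ports on 198.51.100.4 and the beacon detection returns the 60-second check-in to 203.0.113.9:443; the DNS lookup triggers neither. The same logic is what an Elastic detection rule expresses over the `conn` records once the CSV is uploaded; the thresholds here are illustrative and would be tuned to the environment, which is where the webcast's alert-fatigue discussion comes in.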

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.