Trainer
Christos Lazaridis, Focal Point
Session Details
- Session Title: Configuring and exploring Suricata logs through pfSense
- Session Description: Throughout this session a proper deployment and configuration of IDS solutions will be showcased for the attendees.
- Key Learning Objectives:
  - Understanding how intrusion detection systems work
  - Network placement
  - Logging configuration
  - Suricata rule structure
  - Exploring IDS logs through SIEM technologies
Lab Details
- Lab Title: Exploring Suricata Logs through Azure Data Explorer
- Lab Description: Students will be given access to an Azure Data Explorer instance containing Suricata logs captured during an ongoing attack against the monitored infrastructure. The instructor will go through the detections together with the students throughout the lab.
- Key Learning Objectives: Students will experience firsthand how KQL querying in Sentinel can leverage IDS datasets to perform efficient detections.
- Tools/Software Required: Web browser
Trainer
Riku Salmenkylä, Laurea University of Applied Sciences
Session Details
- Session Title: Network Forensics Overview
- Session Description: This session describes the area of network forensics and helps students understand its fundamentals. It concentrates on the structure of a network forensics examination, the concepts, and the tools used to capture, record, and analyze network data, rather than on legal issues.
- Key Learning Objectives: Students gain fundamental knowledge of network forensics and an understanding of its concepts, and are able to describe how network incidents can be detected and evaluated.
Lab Details
- Lab Title: Monitor and analyse Network Forensics scenarios with Wireshark
- Lab Description: Hands-on exercises on monitoring, capturing, and analysing network traffic to uncover and investigate security incidents or breaches.
- Key Learning Objectives: Students will be able to use Wireshark to filter and analyze network traffic to find intrusions and abnormalities in network data.
- Tools/Software Required: Wireshark, with Internet access. If the VM is built on Kali Linux or similar, Wireshark is pre-installed and should be fine.
- Trainer: Riku Salmenkylä