Detailed Course Outline
Security Basics
- Characteristics of an Attack
- Indicators of Compromise
- Cyber Attacks and the Cyber Kill Chain
Introduction to IntroSpect
- IntroSpect Overview
- Analytics Tools and Dashboards
- AI and Machine Learning in IntroSpect
System Installation
- IntroSpect Analyzer Configuration
- IntroSpect Packet Processor Configuration
Analyzer Deployment Architecture
- Fixed Configuration vs Scale-out Deployments
- Licensing
- Deployment Scenarios
- Overview of How IntroSpect Uses Logs and Data
Log Sources
- Introduction to the Log Processing Chain
- Configuring Log Sources
- Customizing Log Sources
ClearPass Integration
- IntroSpect as an External Context Server in ClearPass
- Configuring ClearPass Log Sources in IntroSpect
- Configuring ClearPass API and Client for IntroSpect
- Quarantining Users / Entities from IntroSpect
Configuring Analytics
- Introduction to Analytics and the Analyzer Dashboard
- Entity360
- Monitoring Strategies
- Data Validation
Alert Investigation
- Alert Investigation and Baselines
- Alert Notifications and Chaining Alerts
- Analyzing Alerts and Conversations
Administrative Tasks
- Software Upgrade
- IntroSpect Analyzer Health Checks
- Data Retention Tuning
- Administrative User Management
- IntroSpect Analyzer Logs and Tech Support
Troubleshooting
- System Alarms
- Debugging the ETL Pipeline
- Evaluating Log Source and Alert Errors