There is a common problem in technology education: many skills require so much prior knowledge that it is difficult to know where to begin teaching a skill or concept. These nested prerequisites pile up quickly and can make training overwhelming for the student. The Foundations Course addresses this by teaching Network Security Monitoring (NSM) incrementally: the first days lay common groundwork that each later day builds on.
Each day in Foundations is designed to be as practical and engaging as possible. Each student is provided with an individual system so that the platforms covered can be used hands-on throughout the course.
Network security is a constantly changing space, and we focus on keeping our content up-to-date. Alongside the course material, students get practical experience with the tools the platforms depend on: version control systems, Linux, command-line text editors, SELinux security contexts, and basic system management.
The core strength of the Foundations Course is that it is designed to accommodate a wide range of technical skills and practical experience.
5 Days | 8 hours per day
There are no prerequisites for this course.
Mac, Linux, or Windows
A modern web browser
This introductory course is designed to give students basic survival skills for the Linux command line. It is not intended to make them experts, but to familiarize them enough that Linux is not a barrier to their success.
File System Layout (w/ lab)
Using Vim (w/ lab)
Viewing Logs (w/ lab)
Package Management (w/ lab)
Working With Services (w/ lab)
SELinux Basics (w/ lab)
Linux Administrative Skills (w/ lab)
Introduction to Bro
An understanding of Bro (since renamed Zeek) is a foundational skill for anyone who wants to use RockNSM. This course takes an operator or analyst who has never used Bro and brings them up to speed with its capabilities.
What is Bro?
Bro Project History
Bro vs. Wireshark (w/ lab)
Analyzing a packet capture (w/ lab)
Running Bro from the Command Line (w/ lab)
ASCII Logs Overview (w/ lab)
Filtering and Sorting Data (w/ lab)
Capture the Flag (w/ lab)
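The "ASCII Logs Overview" and "Filtering and Sorting Data" modules work with Bro's tab-separated log files. The following is an added example, not course material or Bro's own code: it parses the metadata header and data lines of a conn.log, then filters and sorts the records the way an analyst would with bro-cut, sort and awk. The log excerpt is constructed for illustration; its columns are a subset of Bro's default conn.log fields.

```python
"""Parse Bro's (now Zeek's) tab-separated ASCII log format, then filter and
sort the records.

Added example, not course material. The conn.log excerpt is constructed; the
columns are a subset of Bro's default conn.log fields.
"""
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: Bro ASCII logs carry a metadata header (# lines) that
# names the separator, the unset-field marker ("-") and the column names.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2018-01-01-00-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1514764800.000000\tCabc1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl\t12.5\t1200\t54000\tSF
1514764801.000000\tCabc2\t10.0.0.5\t51235\t10.0.0.53\t53\tudp\tdns\t0.01\t60\t120\tSF
1514764802.000000\tCabc3\t10.0.0.7\t40000\t198.51.100.9\t4444\ttcp\t-\t3600.0\t9000000\t500\tS1
1514764803.000000\tCabc4\t10.0.0.9\t40001\t203.0.113.4\t443\ttcp\t-\t-\t0\t0\tS0
#close\t2018-01-01-00-10-00
"""

Record = Dict[str, Optional[str]]


def parse_bro_log(text: str) -> List[Record]:
    """Return one dict per data line, keyed by the #fields names.

    Unset fields ("-" by default) become None so callers can tell "no value"
    from a real value. Assumes the default tab separator.
    """
    fields: Optional[List[str]] = None
    unset = "-"
    records: List[Record] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line.partition("\t")
            if key == "#fields":
                fields = value.split("\t")
            elif key == "#unset_field":
                unset = value
            continue  # #separator, #types, #open, #close are not needed here
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {line!r}")
        records.append({f: (None if v == unset else v) for f, v in zip(fields, values)})
    return records


def as_float(value: Optional[str], default: float = 0.0) -> float:
    return default if value is None else float(value)


def long_connections(records: List[Record], min_seconds: float) -> List[Record]:
    """Connections that lasted at least min_seconds; an unset duration never qualifies."""
    return [r for r in records
            if r["duration"] is not None and as_float(r["duration"]) >= min_seconds]


def top_talkers(records: List[Record], n: int) -> List[Record]:
    """Sort by bytes sent by the originator, largest first (cf. sort -nr on orig_bytes)."""
    return sorted(records, key=lambda r: as_float(r["orig_bytes"]), reverse=True)[:n]


def service_counts(records: List[Record]) -> Dict[str, int]:
    """Count connections per detected service; an unset service is reported as "(unknown)"."""
    return dict(Counter(r["service"] or "(unknown)" for r in records))


if __name__ == "__main__":
    conns = parse_bro_log(SAMPLE_CONN_LOG)
    print("connections:", len(conns))
    for r in long_connections(conns, 60):
        print("long-lived:", r["uid"], r["id.orig_h"], "->", r["id.resp_h"], r["id.resp_p"], r["duration"], "s")
    for r in top_talkers(conns, 2):
        print("top talker:", r["id.orig_h"], r["orig_bytes"], "bytes to", r["id.resp_h"])
    print("services:", service_counts(conns))
```

The point of reading the header rather than hard-coding column positions is that Bro logs change shape when scripts add fields; keying on `#fields` keeps the filters working, and treating `-` as None keeps an unset duration (a connection that never completed) from being sorted as zero seconds.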
Introduction to Kafka
This course covers what message queuing is, how it is used, and why Kafka was chosen for ROCK. It is not lab-intensive; it is designed to give an overview of what RockNSM is doing in the background.
What is a Message Queue?
Publishers and Subscribers
Topics and Partitions
Kafka and RockNSM History
Introduction to the File Scanning Framework
The File Scanning Framework (FSF) is an open source project from Emerson Electric that performs recursive file scanning, combining YARA rules with programming logic. This course familiarizes students with the tool's capabilities and gives an overview of YARA rules.
What is Recursive File Scanning?
YARA Rules (w/ lab)
Scanning a File (w/ lab)
Interpreting Scan Results (w/ lab)
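To make "recursive file scanning" concrete, here is an added example that is not FSF's code and does not use YARA: it unpacks zip and gzip containers layer by layer, runs a minimal stand-in for YARA rules (byte strings plus an all/any condition) against every layer, and reports each hit with the path through the nesting, which is the shape of result the "Interpreting Scan Results" module deals with. The rules, the archive contents and the depth limit are constructed for illustration.

```python
"""Recursive file scanning in the spirit of FSF: unpack containers, scan each
layer with simple byte-pattern rules, and report where in the nesting a rule hit.

Added example, not FSF's code and not YARA. The rules are a minimal stand-in
for YARA rules (strings + condition); the sample archive is constructed.
"""
import gzip
import io
import zipfile
from typing import Dict, List, Tuple

# Stand-in "YARA-like" rules: a rule fires when its condition over the listed
# byte strings holds. Real FSF deployments compile actual YARA rules instead.
RULES: List[Dict] = [
    {"name": "pe_executable",
     "strings": [b"MZ", b"This program cannot be run in DOS mode"],
     "condition": "all"},
    {"name": "suspicious_powershell",
     "strings": [b"-EncodedCommand", b"IEX"],
     "condition": "any"},
    {"name": "zip_container",
     "strings": [b"PK\x03\x04"],
     "condition": "all"},
]


def match_rules(data: bytes, rules: List[Dict] = RULES) -> List[str]:
    """Return the names of all rules whose condition holds for this buffer."""
    hits = []
    for rule in rules:
        found = [s in data for s in rule["strings"]]
        if all(found) if rule["condition"] == "all" else any(found):
            hits.append(rule["name"])
    return hits


def scan_recursive(name: str, data: bytes, max_depth: int = 10) -> List[Tuple[str, str]]:
    """Scan data, then unpack any container it is and scan each child, depth-first.

    Results are (path, rule) pairs where path records the nesting, e.g.
    "outer.zip/inner.zip/payload.exe". max_depth bounds the recursion so a
    deeply nested or self-referencing archive cannot exhaust the scanner.
    """
    results = [(name, hit) for hit in match_rules(data)]
    if max_depth == 0:
        return results  # report this layer but refuse to unpack further
    try:
        if data.startswith(b"PK\x03\x04"):  # zip local file header magic
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    child = zf.read(info.filename)
                    results.extend(scan_recursive(f"{name}/{info.filename}", child, max_depth - 1))
        elif data.startswith(b"\x1f\x8b"):  # gzip magic
            child = gzip.decompress(data)
            results.extend(scan_recursive(f"{name}/(gunzip)", child, max_depth - 1))
    except (zipfile.BadZipFile, OSError, EOFError):
        results.append((name, "unpack_error"))  # malformed container: flag it, keep going
    return results


def build_sample_archive() -> bytes:
    """Constructed test input: zip -> {inner.zip -> payload.exe, readme.txt, run.ps1.gz}."""
    payload = b"MZ" + b"\x00" * 60 + b"This program cannot be run in DOS mode" + b"\x00" * 16
    script = b"powershell -NoP -W Hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.exe", payload)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
        zf.writestr("readme.txt", b"nothing to see here")
        zf.writestr("run.ps1.gz", gzip.compress(script))
    return outer.getvalue()


if __name__ == "__main__":
    for path, rule in scan_recursive("sample.zip", build_sample_archive()):
        print(f"{rule:24s} {path}")
```

The interesting part of the output is the path: the executable is only visible after two layers of unpacking, and the encoded PowerShell only after gunzip, which is exactly what a scanner that stops at the outer container would miss. The depth limit is the practitioner's safety valve against nested-archive bombs.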
Introduction to the Elastic Stack
Elastic is an open source data company whose products are integral to RockNSM and CAPES. This course gives an overview of the products Elastic offers and an introduction to Elasticsearch, Logstash, and Kibana, the three products commonly known as the Elastic Stack, along with Beats, the lightweight data shippers that feed them.
Elastic Company Overview
Elasticsearch (w/ lab)
Logstash (w/ lab)
Kibana (w/ lab)
Beats (w/ lab)
Introduction to CAPES
CAPES is a scalable, free and open source Security Incident Response Platform, designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner who deals with security incidents that must be investigated and acted upon swiftly. This course takes an operator or analyst who has never used the CAPES technology stack and brings them up to speed with its capabilities.
System Setup (w/ lab)
What is CAPES?
CAPES Services Introduction (w/ lab)
Introduction to Git
Whether you are organizing config files or deploying an application, modern operations work happens in version control. Git has quickly become the standard, and getting work done in Git is a critical skill for students. It pays off immediately: students create a documentation repository that they maintain for the entire course.
What is versioning?
Git Overview & History
Basic CLI usage (w/ lab)
External Repositories (w/ lab)
GUI Tools (w/ lab)
Advanced Usage (w/ lab)
Student Docs Repo Lab