Perched | Security Education, Consulting, and Support
Perched Network Operations Center

Overview

While network sensors are most often deployed in a security context, their visibility into the network gives insights beyond security and can be used by network operators as well.

This instructor-led course focuses on using network sensors for network operations tasks such as flow monitoring, service availability, identifying performance bottlenecks, and assessing overall network health.

Audience

Network operators responsible for the health and maintenance of network sensor platforms and the Elastic Stack.

Duration

5 Days | 8 hours per day

Prerequisites

There are no prerequisites for this course.

Requirements

  • Mac, Linux, or Windows

  • A modern web browser

Days 1, 2, and 3

Elastic Stack Operate and Maintain

This course is designed to familiarize sensor maintainers with the different ways to install, configure, and tune the Elastic products.

Syllabus

  • Environment Preparation (w/ lab)

  • Node Types

  • Components

      • Elasticsearch

      • Logstash

      • Beats

      • Kibana

  • Maintenance

      • Viewing Log Files (w/ lab)

      • Elasticsearch API (w/ lab)

      • Kibana Console (w/ lab)

      • Identifying Performance Bottlenecks (w/ lab)

      • Monitoring Performance (w/ lab)

Day 4

Platform Health Monitoring

This course is designed to familiarize infrastructure maintainers with the Elastic Beats family and how to use them to monitor infrastructure.

Syllabus

  • Deploy Metricbeat to collect information from systems and services

  • Deploy Auditbeat to monitor user activity and processes on Linux systems using the Linux audit framework

  • Deploy Winlogbeat to collect Windows event logs

  • Deploy Heartbeat to monitor network-facing applications for downtime

Day 5

Kibana for Network Operations

This course familiarizes network operators with analyzing data collected by the Elastic Beats family to monitor infrastructure and detect potential issues before they become problems.

Syllabus

  • Building Dashboards to Visualize Performance Anomalies (w/ lab)

  • Beats and Dashboards (w/ lab)

  • Using Machine Learning for Performance and Anomaly Detection (w/ lab)

  • Leveraging Alerting for Automated Actions (w/ lab)

Introduction to the File Scanning Framework

The File Scanning Framework (FSF) is an open-source project by Emerson Electric that enables recursive file scanning using a combination of YARA rules and programming logic. This course familiarizes students with the tool's capabilities and provides an overview of YARA rules.

Syllabus

  • Project Overview

  • What is Recursive File Scanning?

  • YARA Rules (w/ lab)

  • Scanning a File (w/ lab)

  • Interpreting Scan Results (w/ lab)

  • Using jq