SEC504: Hacker Tools, Techniques, and Incident Handling

This is a short guidebook for network security analysts who want to find answers about their networks and systems quickly. Using open-source software and off-the-shelf components, a capable Check Point firewall log analysis platform can be built for well under $10,000 for an enterprise, or for $1,000 or less for more modest needs. Although the focus is on streaming near-real-time Check Point firewall logs, the principles apply to any firewall and to virtually any other log source. The document gives real-world examples of ad-hoc investigations, watchdog anomaly alerting, host profiling, and more. Because the skills involved are ones every network security analyst needs anyway, the hands-on work of sifting raw log data from every angle pays off twice: in the answers it produces and in the experience gained.
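One way to put the guidebook's host-profiling and watchdog-alerting ideas into working code, as an added example that is not part of the guidebook or of any SANS material. It parses constructed, semicolon-delimited records in the style of a Check Point `fwm logexport` dump (the field order, field names and sample lines below are assumptions for this example; real exports carry more fields and vary by version), builds a per-source-host profile, and raises an alert when a host's dropped connections exceed a per-window baseline or it touches an unusually large number of distinct destination ports.

```python
"""Host profiling and watchdog anomaly alerting over Check Point-style
firewall log records.

Added example, not code from the guidebook.  The record layout is an
assumption modelled on semicolon-delimited `fwm logexport` output; the
sample records are constructed for this example.
"""
from collections import defaultdict

# Assumed field order for the constructed export (see module docstring).
FIELDS = ["num", "date", "time", "orig", "action", "i/f_dir",
          "src", "s_port", "dst", "service", "proto", "rule"]

# Constructed sample: one quiet workstation (10.1.1.5) ...
SAMPLE_LOG = """\
1;11Mar2024;10:00:01;fw-gw1;accept;inbound;10.1.1.5;51234;10.2.2.10;443;tcp;12
2;11Mar2024;10:00:04;fw-gw1;accept;inbound;10.1.1.5;51235;10.2.2.10;443;tcp;12
3;11Mar2024;10:00:09;fw-gw1;drop;inbound;10.1.1.5;51236;10.2.2.20;445;tcp;99
4;11Mar2024;10:00:11;fw-gw1;accept;inbound;10.1.1.5;51237;10.2.2.11;25;tcp;14
"""
# ... and a second host (10.1.1.77) probing twelve ports in the same window,
# generated rather than typed out: records 5..16, destination ports 20..31.
SAMPLE_LOG += "".join(
    f"{5 + i};11Mar2024;10:01:{i:02d};fw-gw1;drop;inbound;"
    f"10.1.1.77;40000;10.2.2.10;{20 + i};tcp;99\n"
    for i in range(12)
)


def parse_records(text):
    """Turn export text into dicts keyed by FIELDS; short lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < len(FIELDS):
            continue  # truncated record; a real pipeline would count these
        records.append(dict(zip(FIELDS, parts)))
    return records


def profile_hosts(records):
    """Per-source profile: accept/drop counts, distinct dst ports and hosts."""
    profiles = defaultdict(lambda: {"accept": 0, "drop": 0,
                                    "dst_ports": set(), "dsts": set()})
    for r in records:
        p = profiles[r["src"]]
        if r["action"] in ("accept", "drop"):
            p[r["action"]] += 1
        p["dst_ports"].add(r["service"])
        p["dsts"].add(r["dst"])
    return dict(profiles)


def watchdog(profiles, baseline_drops, drop_multiplier=3, min_drops=5,
             port_fanout=10):
    """Flag a host when its drops exceed max(min_drops, multiplier * baseline)
    or when it reaches port_fanout distinct destination ports (a sweep).
    baseline_drops maps src -> expected drops per window; unknown hosts
    default to 0, so min_drops is the floor that keeps noise out."""
    alerts = []
    for src, p in sorted(profiles.items()):
        limit = max(min_drops, drop_multiplier * baseline_drops.get(src, 0))
        if p["drop"] > limit:
            alerts.append((src, "drop_spike", p["drop"]))
        if len(p["dst_ports"]) >= port_fanout:
            alerts.append((src, "port_sweep", len(p["dst_ports"])))
    return alerts


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    prof = profile_hosts(recs)
    baseline = {"10.1.1.5": 1, "10.1.1.77": 0}  # constructed per-window baseline
    for src, p in sorted(prof.items()):
        print(f"{src}: {p['accept']} accept, {p['drop']} drop, "
              f"{len(p['dst_ports'])} dst ports, {len(p['dsts'])} dst hosts")
    for alert in watchdog(prof, baseline):
        print("ALERT", *alert)
```

In a streaming deployment the profile would be rebuilt per time window and the baseline learned from previous windows rather than hard-coded; the thresholds here are deliberately simple so the alert logic stays readable.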