Description
Price: 15.00 USD | Size: 5.62 GB | Duration: 27.3 Hours | 133 Video Lessons
Bro Scripting
If you miss an attacker on your network, it’s probably not because you don’t have enough data. It’s more likely that you have too much data.
Bro (recently renamed to Zeek) is the world’s most flexible network security platform, and thousands of organizations use it to reduce network packet streams down to noteworthy events. While Bro’s out-of-the-box capabilities are robust, they merely scratch the surface. Bro isn’t just a tool; it’s a programming language. That means Bro…
- …is an IDS that can be used to go beyond signature-based matching and detect things that might be missed.
- …will match complex sequences of events that are benign by themselves, but malicious when occurring together.
- …can generate statistics for anomaly detection and network-based hunting.
- …produces evidence useful for enriching and investigating alerts from other tools.
Hands-On Bro Scripting is a foundational course that will help you unlock the flexibility of Bro to make sure you have the right data at the right time. When you take this course, you’ll learn:
- The fundamentals of Bro scripting with hands-on, real-world scripts being developed along the way.
- Effective approaches for maximizing your sensor resources.
- How to effectively filter log data to minimize network bandwidth use.
- Techniques for debugging and analyzing new and existing scripts
- Best practices for building your own custom Bro events.
- How to leverage Bro’s frameworks: intel, file analysis, input, summary statistics, notice, and conn threshold.
You’ll also develop useful foundational scripts you can use to guide your detection and analysis. This includes scripts for detecting large HTTP flows, extracting files based on MIME type, determining the ratios of HTTP methods, firing events based on connection thresholds, and protocol filtering scripts.
Course Format
Hands-On Bro Scripting is delivered entirely online using recorded video lectures that you can go through at your own pace. Each lesson consists of lectures that overview critical concepts, instructor-led demonstrations that walk through Bro examples, and lab exercises where you practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students and your instructor.
Prerequisites
This is a scripting course and assumes some level of programming knowledge. You should have experience with another scripting language (Perl, Python, etc.) and a basic understanding of programming concepts.
A basic understanding of Bro is helpful, although not entirely required.
This course is delivered in English.
FAQ
Q: Who is this course designed for?
A: Anyone who wants to learn how to use Bro for intrusion detection or security investigations. This course is targeted explicitly at security investigators, NSM analysts, detection engineers, and security tool developers.
Q: How much Bro experience should I have before starting?
A: A basic familiarity with Bro and its default data output is helpful. The official Bro quickstart document is a great place to start: https://www.bro.org/sphinx/quickstart/index.html
Q: How much programming experience should I have before starting?
A: This is a scripting course and assumes some level of programming knowledge. You should have experience with another scripting language (Perl, Python, etc.) and a basic understanding of programming concepts.
Q: Are there any hands-on labs?
A: Yes! Lots of them. You’ll have plenty of opportunities to practice the techniques we discuss. The class is loaded with demonstrations you can follow along with, too! If you run into trouble, you can ask your course peers and the instructor, who is an expert Bro developer.