From the course: Cybersecurity Foundations: Incident Response
Collecting data sources for threat detection and response
- [Instructor] Let's talk about three essential data sources that can improve your threat detection and response. They are full packet capture, NetFlow, and Secure Web Gateway logs. Full packet capture gives you everything, both headers and payloads. This is the richest level of visibility. It lets you replay traffic, extract malware, and see exactly what an attacker did. The upside? Well, deep forensic detail and high-confidence attribution. And the downside? It eats up storage and bandwidth fast, and it requires specialized tools to manage at scale. You'll want PCAP when confirming data exfiltration, reconstructing sessions, or analyzing custom malware. Just know, most organizations can't store it all, so they'll capture full packet data only at key choke points. Next up, NetFlow. NetFlow gives you metadata, like who talked to whom, when, and how much data was transferred. It's like a phone bill for your network.…
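The "phone bill" view of NetFlow the instructor describes, as an added example that is not part of the course or its exercise files: a few constructed NetFlow-style records are aggregated into "who talked to whom and how much" per source/destination pair, and outbound pairs whose byte total exceeds a threshold are flagged as exfiltration candidates worth pulling full packet capture for. The record layout, the internal address ranges and the 500 MB threshold are assumptions chosen for the illustration, not values from the course.

```python
# Added example (not course material): summarizing NetFlow-style records into
# per-peer byte totals and flagging large outbound transfers for PCAP review.
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record. Field layout is an assumption for the example."""
    start: str      # flow start time, ISO 8601
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    octets: int     # bytes carried by the flow


# Assumed internal address space for the illustration.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample records (not real traffic). Two small web sessions, one
# very large upload to an external host, one internal SMB transfer, one inbound flow.
SAMPLE_FLOWS = [
    Flow("2024-05-01T09:00:00Z", "10.0.0.5", "93.184.216.34", 443, 1_500),
    Flow("2024-05-01T09:05:00Z", "10.0.0.5", "93.184.216.34", 443, 2_300),
    Flow("2024-05-01T23:10:00Z", "10.0.0.7", "198.51.100.9", 443, 450_000_000),
    Flow("2024-05-01T23:40:00Z", "10.0.0.7", "198.51.100.9", 443, 450_000_000),
    Flow("2024-05-01T10:00:00Z", "10.0.0.7", "10.0.1.2", 445, 5_000_000_000),
    Flow("2024-05-01T11:00:00Z", "203.0.113.4", "10.0.0.5", 443, 100),
]


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def summarize_outbound(flows: list[Flow]) -> dict[tuple[str, str], int]:
    """The 'phone bill': total bytes per (internal source, external destination).

    Internal-to-internal and inbound flows are excluded so the result only
    shows data leaving the network.
    """
    totals: dict[tuple[str, str], int] = defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            totals[(f.src, f.dst)] += f.octets
    return dict(totals)


def flag_exfil_candidates(flows: list[Flow], threshold_bytes: int) -> list[tuple[str, str, int]]:
    """Return (src, dst, total_bytes) for outbound pairs at or above the threshold,
    largest first. These are the sessions you would pull from PCAP at the choke point
    to confirm what actually left."""
    totals = summarize_outbound(flows)
    hits = [(src, dst, total) for (src, dst), total in totals.items() if total >= threshold_bytes]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for (src, dst), total in sorted(summarize_outbound(SAMPLE_FLOWS).items()):
        print(f"{src} -> {dst}: {total:,} bytes")
    for src, dst, total in flag_exfil_candidates(SAMPLE_FLOWS, 500_000_000):
        print(f"CANDIDATE {src} -> {dst}: {total:,} bytes, pull PCAP for these sessions")
```

NetFlow alone cannot tell you what was in the 900 MB that 10.0.0.7 sent; it only tells you the transfer happened, when, and to whom. That is exactly the hand-off point to full packet capture the instructor describes: flow data scopes the question, PCAP at the choke point answers it.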