The three parts below need to be completed for the lab.
Part 1- Rule Auditing
For this lab, you will analyze 10 rules, each from a different category, for their functionality and purpose. From the AlienVault USM web page (https://192.168.2.50) select Configuration -> Directives to display the correlation directives that AlienVault is preconfigured with. Provide an extensive analysis of the rules, and make sure to include what sort of systems each rule applies (and may not apply) to, what sort of data it collects, and how the rule could be improved.
Part 2- Rule Creation
What kind of rule would you create for your organization? What data would the rule require, how would it analyze the data, and how would it correlate in order to detect a specific action or behavior? What sort of false positives (or false negatives) could occur?
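As an added illustration of what Part 2 asks for (this is not part of the original posting, and it is not an AlienVault directive; USM directives have their own format, so this only shows the detection logic), here is a small Python correlation rule: it consumes OpenSSH sshd syslog lines, counts failed logins per source address inside a sliding time window, and raises an alert only when a successful login from the same source follows the burst. The log lines are constructed for the example; the hostnames, addresses, threshold and window are assumptions. Note what the rule needs in order to work (timestamped sshd authentication events, so it applies only to hosts that run OpenSSH and forward syslog, not to Windows or to network devices) and where its false positives and negatives come from (a legitimate user who mistypes a password a few times, or an attacker who spreads attempts over many sources or spaces them beyond the window).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (not real captures): an sshd password-guessing
# burst from 10.0.0.5 that ends in a successful login, plus a single typo from
# 10.0.0.9 followed by a normal key-based login that must not fire the rule.
SAMPLE_LOGS = """\
Nov 11 18:40:01 web01 sshd[2101]: Failed password for invalid user admin from 10.0.0.5 port 50122 ssh2
Nov 11 18:40:03 web01 sshd[2102]: Failed password for root from 10.0.0.5 port 50123 ssh2
Nov 11 18:40:05 web01 sshd[2103]: Failed password for root from 10.0.0.5 port 50124 ssh2
Nov 11 18:40:06 web01 sshd[2104]: Failed password for invalid user test from 10.0.0.5 port 50125 ssh2
Nov 11 18:40:08 web01 sshd[2105]: Failed password for root from 10.0.0.5 port 50126 ssh2
Nov 11 18:40:20 web01 sshd[2106]: Accepted password for root from 10.0.0.5 port 50127 ssh2
Nov 11 18:41:00 web01 sshd[2107]: Failed password for alice from 10.0.0.9 port 40001 ssh2
Nov 11 18:41:30 web01 sshd[2108]: Accepted publickey for alice from 10.0.0.9 port 40002 ssh2
"""

# The data the rule requires: only sshd authentication results with a
# timestamp, a host, an outcome, a user and a source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+ ssh2$"
)


def parse(line, year=2014):
    """Turn one syslog line into an event dict, or None if it is not an sshd
    authentication result (syslog carries no year, so one is assumed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Alert when at least `threshold` failures from one source address are
    followed, within `window`, by an accepted login from that same source."""
    failures = defaultdict(deque)   # src address -> timestamps of recent failures
    alerts = []
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        # Slide the window: drop failures older than `window` before this event.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append({"ts": ev["ts"], "host": ev["host"], "src": ev["src"],
                           "user": ev["user"], "failures": len(recent)})
            recent.clear()          # one alert per burst, not one per later login
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"{a['ts']} {a['host']}: {a['failures']} failures then login "
              f"as {a['user']} from {a['src']}")
    # Lowering the threshold to 1 also flags alice's single typo: a false positive.
    print(len(correlate(SAMPLE_LOGS, threshold=1)), "alerts at threshold=1")
```

Tuning `threshold` and `window` is where the false-positive/false-negative trade-off from the question lives: the default fires once for 10.0.0.5 and stays quiet for alice, while `threshold=1` flags both.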
Part 3- Network Layouts
Using a network diagram tool of your choice (Visio or http://draw.io if you need a suggestion), create a fictitious network that you would expect to see in a real business environment. It should detail at least 10 devices, a firewall, a router, servers, and various network segments (such as a wireless segment, a DMZ, etc.).
Once you’ve created the diagram, describe what type of data you could obtain from each of your devices to be leveraged in a SIEM. Are there any devices that would be more or less valuable to obtain data from? What sort of data would be the most useful to you?
Posted On: November 11, 2014 18:52 UTC
ID: 204774583
Category: Networking & Information Systems > Network Administration
Country: United States
from Online Job Search