From the course: Complete Guide to Open Source Security
Join today to access over 24,900 courses taught by industry experts.
Taking NetWitness for a spin
From the course: Complete Guide to Open Source Security
Taking NetWitness for a spin
- [Instructor] Okay, so the first thing we'll do with NetWitness is to run the demo investigation. We can drill down into any part of our analysis by clicking on it. For example, if we click on the number to the right of the creditcards.txt link, we'll get the session details for this item. In this case, just one. We can see that this is a POP3 session, and we have all the fields that were transferred in the session, including the attachment field. At the left is the view of the email which was transferred, and we can now scroll down to see the contents. And here we find social security number details. To go back to the session view, we can just close the pane. Back in the Collection Details tab, if we scroll further down, we can see the network addressing details. And following that, the source location, which in this case is Atlanta. Now we've got some experience with NetWitness. Let's take a look at our Unit42 PCAP file. We'll create a new collection, and we'll call it Unit42…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
(Locked)
Open source security software2m 50s
-
(Locked)
Open source software licensing2m 22s
-
(Locked)
Installing and testing open source security tools1m 23s
-
The Proxmox virtualization system5m 23s
-
(Locked)
Installing Kali Linux6m 44s
-
(Locked)
Using the application menu5m 12s
-
(Locked)
Installing additional tools2m 4s
-
(Locked)
Introduction to the Kali Purple workstation7m 39s
-
Introduction to the Kali Purple server5m 37s
-
(Locked)
Creating a Kali Purple server template2m 37s
-
(Locked)
Software component security5m 23s
-
(Locked)
Scanning with an automated SCA tool2m 7s
-
(Locked)
-
-
(Locked)
Introduction to GRC1m 13s
-
Architecting with ArchiMate5m 52s
-
(Locked)
Modelling security with Archi2m 22s
-
(Locked)
Adding security to the model3m 27s
-
(Locked)
Security risk management with SimpleRisk3m 9s
-
(Locked)
Taking SimpleRisk for a spin7m 34s
-
(Locked)
Using eramba for GRC4m 18s
-
(Locked)
Configuring the eramba system8m 31s
-
(Locked)
Preparing your risk context9m 11s
-
(Locked)
Setting up your assets3m 15s
-
(Locked)
Entering risks into eramba3m 35s
-
(Locked)
-
-
(Locked)
A survey of open source firewalls3m 6s
-
(Locked)
The basics of firewall operation1m 54s
-
(Locked)
Installing pfSense5m 6s
-
Accessing the DMZ via pfSense5m 29s
-
(Locked)
Installing the IPFire firewall5m 17s
-
(Locked)
Up and running with IPFire2m 29s
-
(Locked)
Installing NethSecurity7m 28s
-
(Locked)
Configuring the zones3m 32s
-
(Locked)
Configuring the NethSecurity lab2m 32s
-
(Locked)
Opening up the file server3m 57s
-
(Locked)
Activating the LAN DHCP1m 30s
-
(Locked)
-
-
(Locked)
Installing the Wazuh SIEM5m 24s
-
(Locked)
Installing a Wazuh Linux agent3m 20s
-
(Locked)
Installing a Wazuh Windows agent1m 32s
-
(Locked)
Collecting Nginx logs in Wazuh5m 20s
-
(Locked)
Monitoring an attack with Wazuh4m 48s
-
(Locked)
Detecting web shells with Wazuh7m 42s
-
(Locked)
Activating vulnerability scanning3m 45s
-
(Locked)
-
-
(Locked)
Installing the ELK Stack SIEM8m 19s
-
(Locked)
Upgrading Kibana to HTTPS5m 39s
-
(Locked)
Configuring log integrations3m 48s
-
(Locked)
Installing the Fleet server2m 51s
-
(Locked)
Enrolling hosts into the Fleet server6m 58s
-
(Locked)
Enhancing your logs9m 19s
-
(Locked)
Detecting reconnaissance with the ELK Stack7m 20s
-
(Locked)
Detecting exploitation with the ELK Stack4m 56s
-
(Locked)
Monitoring alerts with the ELK Stack4m 39s
-
(Locked)
-
-
(Locked)
Installing the IRIS incident management system2m 8s
-
(Locked)
Managing incidents with IRIS5m 44s
-
(Locked)
Installing Velociraptor6m 40s
-
(Locked)
Connecting Linux hosts to Velociraptor5m
-
(Locked)
Connecting Windows hosts to Velociraptor2m 16s
-
(Locked)
Running commands remotely from Velociraptor59s
-
(Locked)
Accessing client files with VFS2m 30s
-
(Locked)
Hunting with Velociraptor5m 44s
-
(Locked)
-
-
(Locked)
Installing the Kiwi TCMS test management system2m 12s
-
(Locked)
Security testing with Kiwi TCMS8m 42s
-
(Locked)
Installing the osTicket web app5m 52s
-
(Locked)
Managing trouble tickets9m 32s
-
(Locked)
Mind mapping with Freeplane6m 57s
-
(Locked)
Introducing the Valkey datastore2m 43s
-
(Locked)
Scripting with Valkey2m 12s
-
(Locked)