Task: Above-and-Beyond 7
As an individual “above-and-beyond” effort, select an interesting feature of your team’s IDS Sensor, or network monitor, or SIEM, and engage in a “deep-dive” study of that feature.
Requirements
- Before starting this above-and-beyond task, complete one of these team tasks with your partner(s):
IDS Sensor,
SNMP Network Monitoring, or
SIEM.
- The requirements for each of those three projects are just enough to get them installed and working, and to introduce you to their capabilities. As an individual “above-and-beyond” effort, select an interesting feature of your implemented tool, and engage in a “deep-dive” study of that feature.
- Come up with your objective and your own short list of requirements for this “deep-dive” task.
- Message your instructor for approval of your objective and requirements.
- Successfully achieve your objective regarding the feature you selected.
Deliverable
Upload an illustrated tutorial, in which you explain what you did and how you accomplished it.
- Your document should be clear enough that one of your peers would be able to follow your instructions and accomplish the same tasks.
- Identify any difficult or challenging parts of the project, and clearly explain how you diagnosed and overcame your obstacles.
- Include a few cropped screen captures where appropriate. Also upload your updated and annotated network diagram.
Scoring Rubric
- If your tutorial satisfies every requirement outlined above, you will earn a passing score (one point).
- If your tutorial fails to satisfy any one of the above requirements, you will earn no points. You must then address the deficiencies and re-upload corrected documents until you earn the passing score.
Hints
- Don’t spend too much time perfecting your list of requirements. It’s better and faster to write a good objective and a short list of requirements, then get your instructor’s feedback on them.
- If you don’t notice a feature that strikes your passion, maybe one of the following will spark some creative ideas:
  - Explore the Cases feature of Security Onion, with an objective to implement a demonstration that shows a case used to collaboratively tackle an investigation of a network intrusion alert.
  - Expand your network monitoring package, with an objective to collect CPU and storage measurements from a couple of your server VMs (in addition to the bandwidth data you already collect from your Internet-facing firewall). A requirement could be: make your network monitor collect the desired data from the new data sources, and verify that the data collection is happening.
  - Explore the “visualization” features of your SIEM, with an objective to create a “dashboard” alert or graph that a security analyst or manager could use to check a system’s health. A requirement could be to monitor logs sent by your load balancer, and display an indicator on the dashboard whenever the load balancer detects that one or both of the balanced servers go offline.
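As an added illustration of the third hint (this is example code written for this page, not part of the assignment, of Security Onion, or of any SIEM product), the following Python script replays constructed load-balancer log lines and derives the health indicator that a SIEM dashboard rule would have to compute: GREEN when every balanced server is up, AMBER when one is down, RED when all are down. It assumes HAProxy-style health-check messages of the form “Server backend/server is DOWN|UP”; the page does not name the load balancer, so the pattern, the backend name `web_back` and the server names `web1`/`web2` are assumptions to replace with whatever your own load balancer actually logs.

```python
"""Derive a 'balanced servers online' dashboard indicator from load-balancer logs.

Added example for the SIEM dashboard hint; not part of the course materials.
ASSUMES HAProxy-style health-check state-change messages and uses constructed
sample log lines. Adjust STATE_RE to your load balancer's real log format.
"""
import re
from typing import Dict, List, Optional, Tuple

# Health-check state change (assumed HAProxy-style wording):
#   Server <backend>/<server> is DOWN, reason: ...
#   Server <backend>/<server> is UP, reason: ...
STATE_RE = re.compile(
    r"Server (?P<backend>[\w.-]+)/(?P<server>[\w.-]+) is (?P<state>UP|DOWN)\b"
)
# Syslog-style timestamp at the start of each line (constructed sample format).
TS_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})")

# Constructed sample: two balanced servers behind backend "web_back".
# Includes a request log line and a "no server available" line that the
# indicator logic must ignore (they are not per-server state changes).
SAMPLE_LOG = """\
Mar  3 10:00:01 lb1 haproxy[1234]: Server web_back/web1 is UP, reason: Layer4 check passed, check duration: 1ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
Mar  3 10:05:17 lb1 haproxy[1234]: Server web_back/web2 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar  3 10:06:02 lb1 haproxy[1234]: 10.0.0.5:51234 [03/Mar/2024:10:06:02.123] front web_back/web1 0/0/1/2/3 200 512 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:07:44 lb1 haproxy[1234]: Server web_back/web1 is DOWN, reason: Layer4 timeout, check duration: 2001ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Mar  3 10:07:44 lb1 haproxy[1234]: backend web_back has no server available!
Mar  3 10:09:10 lb1 haproxy[1234]: Server web_back/web2 is UP, reason: Layer4 check passed, check duration: 1ms. 1 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
"""


def indicator(states: Dict[str, Optional[bool]]) -> str:
    """Map per-server up/down flags to a dashboard colour.

    GREEN: every balanced server is up. AMBER: at least one, but not all,
    is down (the "one server goes offline" case). RED: all are down.
    UNKNOWN: no health-check result seen yet for one or more servers, so
    the dashboard should not claim the backend is healthy.
    """
    if any(v is None for v in states.values()):
        return "UNKNOWN"
    up = sum(1 for v in states.values() if v)
    if up == len(states):
        return "GREEN"
    if up == 0:
        return "RED"
    return "AMBER"


def evaluate(log_text: str, backend: str,
             servers: List[str]) -> Tuple[str, List[Tuple[str, str, str]]]:
    """Replay log lines in order and track each balanced server's state.

    Returns the final indicator and a list of (timestamp, event, indicator)
    tuples recorded only when the indicator changes, i.e. the moments a
    dashboard alert would fire rather than one entry per log line.
    """
    states: Dict[str, Optional[bool]] = {s: None for s in servers}
    transitions: List[Tuple[str, str, str]] = []
    current = indicator(states)
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        # Skip request logs, other backends and servers we are not watching.
        if not m or m.group("backend") != backend or m.group("server") not in states:
            continue
        states[m.group("server")] = (m.group("state") == "UP")
        new = indicator(states)
        if new != current:
            ts = TS_RE.match(line)
            event = f"{m.group('server')} {m.group('state')}"
            transitions.append((ts.group("ts") if ts else "?", event, new))
            current = new
    return current, transitions


if __name__ == "__main__":
    final, changes = evaluate(SAMPLE_LOG, "web_back", ["web1", "web2"])
    for ts, event, colour in changes:
        print(f"{ts}  {event:<10} -> {colour}")
    print("current indicator:", final)
```

Running the script on the constructed sample records three indicator changes (AMBER when web2 goes down, RED when web1 follows, AMBER again when web2 recovers) and ends on AMBER, because web1 is still down. The same three rules are what you would express in your SIEM's alert or visualization language; the per-server state kept between lines is the part that a plain keyword match on “is DOWN” misses, since it cannot tell one server offline from both.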